[syslog-ng] Win syslog-agent PRI

Mon Jan 28 18:42:25 CET 2008

Bazsi/Others;

Where and how can I download the Windows agent?  Or this a "Premium" only download?

Thanks,

.vp

> From: bazsi at balabit.hu
> To: syslog-ng at lists.balabit.hu
> Date: Mon, 28 Jan 2008 16:04:18 +0100
> Subject: Re: [syslog-ng] Win syslog-agent PRI
> 
> 
> On Mon, 2008-01-28 at 11:54 +0000, Tiago Gomes da Silva Mendo wrote:
> > >On Mon, 2008-01-28 at 11:05 +0000, Tiago Gomes da Silva Mendo wrote:
> > >> Hi,
> > >> 
> > >>  
> > >> 
> > >> I have syslog-ng-premium-edition (2.1.8) on an Debian etch and
> > >> multiple linuxs sending syslog messages to this server, using
> > >> diferents PRIs.
> > >> 
> > >> The problem is with the windows agent (2.1.4). In the windows agent I
> > >> have an message format like this: “<182>$DATE $HOST $EVENT_SOURCE:
> > >> $MSG”, but at the server the received PRI is not 182. 
> > >> 
> > >> At the server I get messages with the correct PRI when the syslog-ng
> > >> agent is restarted:
> > >> 
> > >>  
> > >> 
> > >> “Jan 28 10:57:41 10.176.25.108 LogRelay: Application started”, with
> > >> local6 and info, but every message I send through syslog-ng agent
> > >> arrives at the server with user/notice (PRI 13).
> > > 
> > >Are you reading messages from files or you are sending out the EventLog
> > >records?
> > > 
> > >If my assumption is true, then the difference between the LogRelay entry
> > >and the other messages is that the LogRelay entry is coming from the
> > >EventLog, and the others come from files, right?
> > > 
> > >I ask my collegue to look into this.
> > > 
> 
> I've talked to my collegue, and as it seems the 2.1.x version of the
> agent does not support templates for lines coming from file sources.
> 
> However the upcoming 2.2 version already does, but it's not ready for
> public consumption yet.
> 
> -- 
> Bazsi

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20080128/1708ae0b/attachment.htm 