[syslog-ng] Syslog relay : keep facility and level
Thibaud Desodt
tdesodt at tango04.net
Wed Sep 10 13:11:31 CEST 2008
Hi,

I am trying to set up a syslog-ng architecture with a relay.

Here is an example:

- Linux Host1 logs messages to syslog with facility user.info.
- On Host1, syslog-ng is set up to forward these messages (with a filter based on the facility) to Host2 via UDP.
- Linux Host2 (log collector)'s syslog-ng is configured to listen for incoming UDP packets and forward them to a Windows Host3 after changing the message's format thanks to a template (add the source IP at the beginning of the message).
- Windows Host3 processes the incoming UDP messages.

I have managed to make it work, that is, messages generated on Host1 with the logger command are successfully received on Host3.

Nevertheless, it looks like all the messages reaching my Host3 have the facility/priority User.notice, instead of the original one.

Here are some parts of my configuration:

------- on Host1:

# filter for user facility - for tests
filter f_user { facility(user); };
destination host2 { udp("IP.Address.of.Host2"); };
log { source(src); filter(f_user); destination(host2); };

------- on Host2:

# syslog full redirection to Thibaud's machine
destination host3 { udp("IP.ADDRESSE:OF:HOST" template("$SOURCEIP $MSG\n")); };
source s_udp { udp(); };
log { source(s_udp); destination(host3); };

I generate messages on Host1 with the command:

logger -p user.warning "message warning test"

Is there anything I am doing wrong? Could changing the template make the message lose information about Facility and Level?

Thanks in advance
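
An added example, not part of the original post: it renders the Host2 template from the configuration above and classifies the resulting datagram the way a receiver reads the leading `<PRI>` field, next to a variant that starts with syslog-ng's `$PRI` macro. It assumes the receiver applies the RFC 3164 default of 13 (user.notice) when a datagram carries no valid `<PRI>`; `render`, `classify`, `relayed`, the short facility names and the address 192.0.2.10 are constructed for illustration.

```python
import re

# Facility and severity names in RFC 3164 code order (short names are this example's choice).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

DEFAULT_PRI = 13                      # RFC 3164 4.3.3: user.notice when PRI is missing
PRI_RE = re.compile(rb"^<(\d{1,3})>")  # PRI must be the very first bytes of the datagram


def classify(datagram: bytes) -> str:
    """Return 'facility.severity' as a receiver would derive it from the datagram."""
    m = PRI_RE.match(datagram)
    pri = int(m.group(1)) if m else DEFAULT_PRI
    if pri > 191:                     # 23 * 8 + 7 is the highest valid value
        pri = DEFAULT_PRI
    return f"{FACILITIES[pri >> 3]}.{SEVERITIES[pri & 7]}"


def render(template: str, pri: int, source_ip: str, msg: str) -> bytes:
    """Minimal stand-in for template expansion of the three macros used here."""
    out = template.replace("$PRI", str(pri))
    out = out.replace("$SOURCEIP", source_ip).replace("$MSG", msg)
    return out.encode()


def relayed(template: str) -> str:
    """What Host3 sees for `logger -p user.warning` after Host2 applies `template`."""
    pri = FACILITIES.index("user") * 8 + SEVERITIES.index("warning")  # 12
    # Constructed sample values: documentation address and the test message text.
    datagram = render(template, pri, "192.0.2.10", "message warning test")
    return classify(datagram)


if __name__ == "__main__":
    for tpl in ("$SOURCEIP $MSG\n", "<$PRI>$SOURCEIP $MSG\n"):
        print(repr(tpl), "->", relayed(tpl))
```
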