[syslog-ng] RE : Removing Prefixes from Syslog-ng Messages

Vincent Panel Vincent.Panel at telindus.be
Fri Apr 17 09:33:19 CEST 2009 

Syslog-ng does not understand your header (that you call a prefix) so it thinks your message is headerless. As a syslog relay, according to RFCs, syslog-ng has to add its own header.

So your application is sending a header with a wrong format. What's wrong is that you have both the hostname and the IP addresse of your source. Your problem seems somewhat similar to mine : https://bugzilla.balabit.com/show_bug.cgi?id=40

I think syslog-ng should be more flexible about acceptable headers : you should be able to tell syslog-ng which format your header is expected to be.


-------- Message d'origine--------
De: syslog-ng-bounces at lists.balabit.hu de la part de adam.j.brendamour at accenture.com
Date: jeu. 16/04/2009 18:39
À: syslog-ng at lists.balabit.hu
Objet : [syslog-ng] Removing Prefixes from Syslog-ng Messages
 
Hello all,

 

I am having issues with syslog-ng adding prefixes to my messages.  I
currently have a syslog-ng agent sending messages from a log source to a
syslog-ng central server.  I am then sending the messages from the
central server to a 3rd party event management program.  Is there a way
to forward an unchanged syslog-ng message from the relay server?

 

For example:

Message arriving from source:   

Apr 16 09:31:07 psrdev47 10.56.9.12 - - [16/Apr/2009:09:31:02 -0700]
"GET / HTTP/1.1" 302 427 "-" "-"

Message being forwarded from server:  

Apr 16 09:31:07 10.56.2.77 125 <0>1 2009-04-16T09:31:02-07:00 psrdev47 -
- - - 10.56.9.12 - - [16/Apr/2009:09:31:02 -0700] "GET / HTTP/1.1" 302
427 "-" "-"

 

How can I configure the syslog-ng server to relay this unchanged message
to our destination?

Apr 16 09:31:07 psrdev47 10.56.9.12 - - [16/Apr/2009:09:31:02 -0700]
"GET / HTTP/1.1" 302 427 "-" "-"

 

Thanks for your help!

 

Regards,

Adam

 

 



This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information.  If you have received it in error, please notify the sender immediately and delete the original.  Any other use of the email by you is prohibited.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090417/019eb7a4/attachment.htm

More information about the syslog-ng mailing list