[syslog-ng] Removing Prefixes from Syslog-ng Messages
Balazs Scheidler
bazsi at balabit.hu
Wed Apr 22 13:24:28 CEST 2009
On Thu, 2009-04-16 at 11:39 -0500, adam.j.brendamour at accenture.com
wrote:
> Hello all,
>
>
>
> I am having issues with syslog-ng adding prefixes to my messages. I
> currently have a syslog-ng agent sending messages from a log source to
> a syslog-ng central server. I am then sending the messages from the
> central server to a 3rd party event management program. Is there a
> way to forward an unchanged syslog-ng message from the relay server?
>
>
>
> For example:
>
> Message arriving from source:
>
> Apr 16 09:31:07 psrdev47 10.56.9.12 - - [16/Apr/2009:09:31:02 -0700]
> "GET / HTTP/1.1" 302 427 "-" "-"
>
> Message being forwarded from server:
>
> Apr 16 09:31:07 10.56.2.77 125 <0>1 2009-04-16T09:31:02-07:00 psrdev47
> - - - - 10.56.9.12 - - [16/Apr/2009:09:31:02 -0700] "GET / HTTP/1.1"
> 302 427 "-" "-"
>
>
you should use the syslog() driver to receive messages formatted to the
new IETF protocol standard.
--
Bazsi
More information about the syslog-ng
mailing list