[syslog-ng] Removing Prefixes from Syslog-ng Messages
Balazs Scheidler
bazsi at balabit.hu
Wed Apr 29 17:51:41 CEST 2009
On Wed, 2009-04-22 at 11:08 -0500, adam.j.brendamour at accenture.com
wrote:
> I am using the syslog() drivers to send and receive messages. The
> original message polled from a file log is:
> [16/Apr/2009:09:31:02 -0700] "GET / HTTP/1.1" 302 427 "-" "-"
>
> Syslog-ng then sends the message to the relay server, adding the header
> to the original message:
> 16 09:31:07 hostname IP - -
This seems to be a new style format, although it is a little bit garbled.
Could you send me a tcpdump/strace that shows the exact characters sent and received?
>
> The syslog-ng relay collects the messages and forwards them on to
> another source and the header gets changed to this:
> Apr 16 09:31:07 relay_IP 125 <0>1 2009-04-16T09:31:02-07:00 hostname - -
> - - IP - -
>
> I am using the syslog() drivers across the board on the client and
> relay. Unfortunately, through testing and research, I have not found a
> way to stop these headers from being created at the beginning of the
> syslog messages.
>
Are you sure you are receiving this message with the syslog() driver?
The above case clearly indicates that syslog-ng processed it in
non-syslog mode.
--
Bazsi
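
The double header in the forwarded line quoted above can be checked mechanically. The following Python script is an added example, not part of the original thread or of syslog-ng; it assumes that the leading `125` is an octet-count frame length and that `<0>1` is the PRI and version of a new-style (IETF) message, and the name `diagnose` is hypothetical.

```python
import re

# Old-style (BSD) header: "Mmm dd hh:mm:ss host", then free-form message text.
LEGACY = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$", re.S)
# New-style (IETF) message with an octet-count prefix: "<len> <PRI>1 <ts> <host> ..."
FRAMED = re.compile(
    r"^(?P<len>\d+) <(?P<pri>\d{1,3})>1 (?P<ts>\d{4}-\d\d-\d\dT\S+) (?P<host>\S+) ?(?P<rest>.*)$",
    re.S)

def diagnose(line):
    """Describe the headers found on one received line.

    'double_wrapped' is True when an old-style header precedes a complete
    new-style frame, i.e. a hop treated the whole frame as message text.
    """
    outer, payload = None, line
    m = LEGACY.match(line)
    if m:
        outer = {"timestamp": m["ts"], "host": m["host"]}
        payload = m["msg"]
    inner = None
    f = FRAMED.match(payload)
    if f:
        pri = int(f["pri"])  # PRI = facility * 8 + severity
        inner = {"declared_len": int(f["len"]), "facility": pri >> 3,
                 "severity": pri & 7, "timestamp": f["ts"],
                 "host": f["host"], "rest": f["rest"]}
    return {"outer": outer, "inner": inner,
            "double_wrapped": outer is not None and inner is not None}

# The forwarded line quoted in the thread, joined onto one line.
FORWARDED = ("Apr 16 09:31:07 relay_IP 125 <0>1 2009-04-16T09:31:02-07:00 "
             "hostname - - - - IP - -")
# Constructed sample: an ordinary old-style line with no embedded frame.
PLAIN = "Apr 16 09:31:07 relay_IP sshd[4242]: session opened for user alice"

if __name__ == "__main__":
    # Third sample: the embedded frame alone, as it would look without the outer header.
    for sample in (FORWARDED, PLAIN, FORWARDED.split(" ", 4)[4]):
        print(diagnose(sample))
```

The declared length is reported but not compared with the payload, because the hostname and IP in the quoted line are placeholders.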