[syslog-ng] Syslog-NG 3.0.5 incorrectly parsing messages without program names
Larry Low
llow at telesphere.com
Fri Dec 11 21:12:38 CET 2009
> > In the past I used the MSG macro to get the full syslog message. Now
> > MSG is broken into MSG and MSGHDR.
> >
> > If a message comes in without a program name such as "exiting on
> signal
> > 15" or "last message repeated 20 times", syslog-ng incorrectly takes
> > the first word as the program name. Trying to rebuild it with
> > $MSGHDR$MSG causes an erroneous : to be placed on these messages
> since
> > $MSGHDR is filled in with "exiting" and "last".
>
> I found a previous post and tried adding store-legacy-msghdr. The
> problem now is that MSGHDR still includes the first word such as
> "exiting" and "last" but no colon but on messages like "kernel : Kernel
> logging (proc) stopped.", "kernel: " is put in MSGHDR but then also
> placed in MSG and MSGONLY.
Noticed one more thing, if the PID is included in the syslog message then MSG and MSGONLY do not repeat process and pid when store-legacy-msghdr on.
>
> >
> > ---
> > Larry Lo
More information about the syslog-ng
mailing list