[syslog-ng] Extra characters at beginning of line
Florian Hines
lists at syn-recon.net
Wed Jan 7 20:59:06 CET 2009
Hi Everyone,
I'm running into an issue where syslog-ng is adding extra characters to
beginning of every line. Specifically, "<134>" is getting inserted
right before the time stamp:
<134>Jan 7 13:06:17 host1 kernel: device eth0 entered promiscuous mode
This syslog-ng server is sending traffic to a remote Splunk instance
(using TCP, not UDP), at first I though it was Splunk adding the
characters but when I did a tcpdump on syslog-ng's outbound connection I
found that they where already present.
In addition to sending this traffic to Splunk the syslog-ng instance
also log's local to a file. The <134> doesn't show up in the local file.
Anyone have any ideas where this is coming from ?
Thanks!
Florian
More information about the syslog-ng
mailing list