[syslog-ng] Extra characters at beginning of line

Florian Hines lists at syn-recon.net
Wed Jan 7 20:59:06 CET 2009


Hi Everyone,

I'm running into an issue where syslog-ng is adding extra characters to
beginning of every line.  Specifically, "<134>" is getting inserted
right before the time stamp:

<134>Jan  7 13:06:17 host1 kernel: device eth0 entered promiscuous mode

This syslog-ng server is sending traffic to a remote Splunk instance
(using TCP, not UDP), at first I though it was Splunk adding the
characters but when I did a tcpdump on syslog-ng's outbound connection I
found that they where already present.

In addition to sending this traffic to Splunk the syslog-ng instance
also log's local to a file.  The <134> doesn't show up in the local file.

Anyone have any ideas where this is coming from ?

Thanks!
Florian


More information about the syslog-ng mailing list