[syslog-ng] Extra characters at beginning of line

chris packham chris.packham at alliedtelesis.co.nz
Wed Jan 7 21:36:20 CET 2009


"<134>" is the encoding of the facility severity as per RFC 3164 http://www.ietf.org/rfc/rfc3164.txt (section 4.1.1).

Hopefully someone else on the list can point out why it's appearing in your log messages. Can you post your syslog-ng version (syslog-ng -V) and relevant parts of your syslog-ng.conf file?

 
>>> Florian Hines <lists at syn-recon.net> 01/08/09 8:59 AM >>> 
Hi Everyone,

I'm running into an issue where syslog-ng is adding extra characters to
the beginning of every line.  Specifically, "<134>" is getting inserted
right before the time stamp:

<134>Jan  7 13:06:17 host1 kernel: device eth0 entered promiscuous mode

This syslog-ng server is sending traffic to a remote Splunk instance
(using TCP, not UDP). At first I thought it was Splunk adding the
characters, but when I did a tcpdump on syslog-ng's outbound connection I
found that they were already present.

In addition to sending this traffic to Splunk, the syslog-ng instance
also logs locally to a file.  The <134> doesn't show up in the local file.

Anyone have any ideas where this is coming from?

Thanks!
Florian
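
How the "<134>" prefix decodes under RFC 3164 section 4.1.1 (PRI = facility * 8 + severity), as an added example that is not part of the original thread. The function names and the short facility/severity labels are chosen here for illustration; the sample line is the one quoted in the message above.

```python
import re

# Labels indexed by numeric code, following the tables in RFC 3164 section 4.1.1.
# The short names are labels chosen for this example, not taken from the thread.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3",
    "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

# PRI is "<", one to three digits, ">" at the very start of the message.
PRI_RE = re.compile(r"^<([0-9]{1,3})>")

# Line taken from the message above (as captured on the wire with tcpdump).
SAMPLE = "<134>Jan  7 13:06:17 host1 kernel: device eth0 entered promiscuous mode"


def split_pri(line):
    """Return (facility, severity, rest).

    facility and severity are None when the line has no valid PRI,
    in which case rest is the unmodified line.
    """
    m = PRI_RE.match(line)
    if not m:
        return None, None, line
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest defined PRI value
        return None, None, line
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity], line[m.end():]


def encode_pri(facility, severity):
    """Build the PRI prefix for a facility/severity label pair."""
    value = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    return "<%d>" % value


if __name__ == "__main__":
    fac, sev, rest = split_pri(SAMPLE)
    print("facility=%s severity=%s" % (fac, sev))
    print(rest)
```
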