[syslog-ng] First word of log message dropped
Rudolph, Timothy L
TRudolph at commnet.edu
Thu Sep 10 17:27:18 CEST 2009
I've recently started using syslog-ng 3.0.4 on a Solaris system to
collect logs from a number of devices and servers. I've noticed a few
instances where the first word of a log message is dropped from the
entry written to file when comparing to the standard syslogd.
One example is a message (local1.err) that comes over the network as:
Sep 10 09:29:32 duplicate IP address 1.1.1.1 sent from link address
00:00:00:00:00:00
Without the store-legacy-msghdr flag, the resulting message in my log
file generated by syslog-ng is:
Sep 10 09:29:32 so7761 IP: address 1.1.1.1 sent from link address
00:00:00:00:00:00
If I put the store-legacy-msghdr flag in, I only get a very minor
change, no colon:
Sep 10 09:29:32 so7761 IP address 1.1.1.1 sent from link address
00:00:00:00:00:00
Is there any way I can get these entries to log correctly?
Thanks,
Tim
More information about the syslog-ng
mailing list