[syslog-ng] Source udp driver and flags

Yann I. yann.frm at gmail.com
Wed Nov 10 14:57:34 CET 2010


Hello List,

I'm using the syslog-ng OSE version 3.1.2.

Currently, I have a syslog-ng server which collects events from several
devices: routers (Cisco), switches (Alcatel), and other devices which send
events to the syslog server using port 514 with the UDP protocol.

For the router and the switch, I need to use the flag "no-parse" because I
have to parse the content of the message by using "patterndb.xml".
But... for the other devices I don't want to use the flag "no-parse"
because the events respect the syslog format.

I think it's not possible to configure syslog-ng like this:
   source s_udp_01 { udp (flags(no-parse)); };
   source s_udp_02 { udp (); };

   log { source (s_udp_01); (...) };
   log { source (s_udp_02); (...) };

The workaround could be to change the destination UDP port for the
devices, but that's not possible for the Alcatel switch. For the Cisco router,
I don't know if it's possible or not...

Would someone have an idea for that "problem"?

Regards,

Yann I.