[syslog-ng] syslog-ng is not reading level/facility properly
Charlie Reddington
charlie.reddington at gmail.com
Thu Sep 9 00:32:38 CEST 2010
You sir, are a god send. :) I should have formatted my question this
way the first time.
On Sep 8, 2010, at 5:16 PM, Matthew Hall wrote:
> A second possibility on top of the items Jerry pointed out such as
> possibly using wrong facilities on the sources, etc.
>
> I see you have set the no_parse flag on your syslog socket.
>
> This instructs Syslog that your messages are non standard or should be
> handled in a raw fashion. This causes Syslog to be incapable of
> determining facility, severity, hostname, and tag information. Since
> it
> appears nginx is sending properly made messages this is likely not
> what
> you want.
This is actually exactly what was wrong with this. I had my doubts
about this parse flag, but I was a bit unsure of what it did or didn't
do. And we where using it in another location, so I was using that as
my template. The way you explained it though, makes perfect sense.
I removed it, and everything starting logging the way I expected it to.
>
> There are many more. You need to be sure you are handling the things
> you
> are receiving appropriately for the format which is being sent to you.
>
> If you have some messages which should be parsed and some which should
> not, these should be sent onto separate ports so you can have the
> right
> flags set on each port.
Duly noted, I'll make sure to do that when I bring the rest of our
gear into the mix with this host.
Thanks both of you for the help!
Charlie
More information about the syslog-ng
mailing list