[syslog-ng] log message difference between syslog and syslog-ng?
Balazs Scheidler
bazsi at balabit.hu
Sat Apr 30 22:49:38 CEST 2011
On Fri, 2011-04-29 at 12:18 -0400, Evan Baer wrote:
> Hello,
>
> We switched one of our last remaining syslog servers to syslog-ng a
> few days ago, with no major surprises, except for one small difference
> in log message formatting between syslog and syslog-ng for messages
> from some of our network devices.
>
> The difference is in the added ':' in the 5th column, after the hostname:
>
> Apr 27 12:48:52 10.26.13.65 oob1-switch, System: Set fan speed to MED (75%)
> Apr 28 16:59:53 10.26.13.65 oob1-switch,: System: Set fan speed to LOW (50%)
>
> (the first line is from syslog, the second is from syslog-ng3-3.1.1,
> running on freebsd)
>
> For what it is worth, this formatting difference also occurs with
> other devices of the same manufacturer and model which have valid
> reverse ip entries in dns.
>
> We have a few support scripts which read the logs and are picky about
> the line formatting, so I'm keen to tweak the output lines in
> syslog-ng.conf if possible.
Recent syslog-ng's have a "store-legacy-msghdr"; even more recent ones
have that by default.
That should do the trick.
--
Bazsi
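
A syslog-ng.conf fragment showing where the flag named in the reply goes, as an added example that is not part of the original message. The names s_net, d_network and the log path are assumptions; `${MSGHDR}` is the macro that carries the stored header when the flag is set.

```conf
@version: 3.1

# Assumed source name; listens for the network devices' UDP syslog traffic.
source s_net {
    # store-legacy-msghdr keeps the program/tag header exactly as received
    # instead of rebuilding it in "program: " form.
    udp(ip(0.0.0.0) port(514) flags(store-legacy-msghdr));
};

# Assumed destination name and path.
destination d_network {
    # ${MSGHDR} expands to the stored original header when one was kept,
    # so the written line keeps the device's own "oob1-switch, " prefix.
    file("/var/log/network.log"
         template("${DATE} ${HOST} ${MSGHDR}${MSG}\n"));
};

log { source(s_net); destination(d_network); };
```

After reloading, compare a freshly logged line against the old syslog line quoted above before pointing the log-reading scripts at the new file.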