[syslog-ng] Testing structured data syslog messages

Lance Laursen lance at demonware.net
Fri Feb 4 20:55:34 CET 2011


Hey Matthew,

That was it, thanks!

For people reading this after the fact, I am running syslog-ng-3.1.2-1.rhel5.
Using one of the following two sources will work with rfc5424:
source s_udp { syslog( ip(0.0.0.0) port(514) transport(udp)); };
source s_udp { udp(flags(syslog-protocol)); };

This one does not parse correctly:
source s_udp { udp(); };

Regards,


On Thu, Feb 3, 2011 at 6:34 PM, Matthew Hall <mhall at mhcomputing.net> wrote:

> On Thu, Feb 03, 2011 at 05:11:08PM -0800, Lance Laursen wrote:
> > Unfortunately it is showing up in logs as this:
> >
> > 2011-02-03T22:45:30+00:00 localhost 1 2011-02-03T22:14:15.003Z superhostomg process - ID47 [exampleSDID at 32473 iut="9" eventSource="rawr" eventID="69"] Message portion. Test log with structured data.
> >
> > So all of the metadata is being printed to $MSG. What am I doing wrong?
>
> Depending on syslog-ng version you probably need this flag:
>
> syslog-protocol
>
>
> http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.2-guide-admin-en.html/index.html-single.html#configuring_sources_syslog
>
> Regards,
> Matthew.
>
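
An added illustration, not part of the original thread and not syslog-ng's own code: a minimal RFC 5424 parser in Python showing the split an RFC 5424-aware source has to make, so that the structured data lands in its own fields instead of in the message text. The sample line is constructed from the message quoted above; the `<165>` priority, the `@` in the SD-ID and all function names are assumptions.

```python
import re

# Constructed test message modelled on the one in the thread. The <165> PRI
# and the "@" in the SD-ID are assumptions (the archive prints " at ").
SAMPLE = ('<165>1 2011-02-03T22:14:15.003Z superhostomg process - ID47 '
          '[exampleSDID@32473 iut="9" eventSource="rawr" eventID="69"] '
          'Message portion. Test log with structured data.')

# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, each followed by SP
HEADER = re.compile(r'<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) ')
SD_ID = re.compile(r'\[([^ ="\]]+)')
# SD-PARAM: name="value"; inside value, '"', '\' and ']' are backslash-escaped
PARAM = re.compile(r' ([^ ="\]]+)="((?:\\.|[^"\\\]])*)"')
UNESCAPE = re.compile(r'\\(["\\\]])')


def parse_sd(text):
    """Consume STRUCTURED-DATA at the start of text; return (sdata, rest)."""
    if text.startswith('-'):          # NILVALUE: no structured data
        return {}, text[1:]
    sdata, pos = {}, 0
    while (m := SD_ID.match(text, pos)):
        params, pos = {}, m.end()
        while (p := PARAM.match(text, pos)):
            params[p.group(1)] = UNESCAPE.sub(r'\1', p.group(2))
            pos = p.end()
        if not text.startswith(']', pos):
            raise ValueError('unterminated SD-ELEMENT')
        sdata[m.group(1)] = params
        pos += 1
    if not sdata:
        raise ValueError('STRUCTURED-DATA missing')
    return sdata, text[pos:]


def parse_rfc5424(line):
    """Split one RFC 5424 line into header fields, structured data and MSG."""
    m = HEADER.match(line)
    if not m:
        raise ValueError('not an RFC 5424 header')
    pri, version, ts, host, app, procid, msgid = m.groups()
    sdata, rest = parse_sd(line[m.end():])
    if rest and not rest.startswith(' '):
        raise ValueError('junk after STRUCTURED-DATA')
    return {'facility': int(pri) >> 3, 'severity': int(pri) & 7,
            'version': int(version), 'timestamp': ts, 'host': host,
            'program': app, 'pid': procid, 'msgid': msgid,
            'sdata': sdata, 'msg': rest[1:]}
```

Calling `parse_rfc5424(SAMPLE)` returns the host, program and message ID as separate fields, the `exampleSDID@32473` parameters as a dictionary, and only the trailing free text as `msg`.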