[syslog-ng] Testing structured data syslog messages
Balazs Scheidler
bazsi at balabit.hu
Sun Feb 6 10:27:19 CET 2011
On Fri, 2011-02-04 at 11:55 -0800, Lance Laursen wrote:
> Hey Matthew,
>
>
> That was it, thanks!
>
>
> For people reading this after the fact, I am
> running syslog-ng-3.1.2-1.rhel5. Using one of the following two sources
> will work with rfc5424:
> source s_udp { syslog( ip(0.0.0.0) port(514) transport(udp)); };
> source s_udp { udp(flags(syslog-protocol)); };
>
>
> This one does not parse correctly:
> source s_udp { udp(); };
>
Yup, this is the legacy source. The preferred format is to use the
syslog() driver; the flags() stuff is there for mere completeness.
The reason is: with TCP, syslog-ng is able to use the old-style, framing-less
protocol by using tcp(flags(syslog-protocol)), whereas
syslog(transport(tcp)) uses framing too.
udp(flags(syslog-protocol)) is the same as syslog(transport(udp)).
--
Bazsi
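
The framing difference described in the reply above, as an added example that is not part of the original post and is not syslog-ng code. It assumes "framing" means the octet-counted framing of RFC 6587 (message length, a space, then the message) and that the framing-less form is LF-delimited; the sample messages are constructed.

```python
import re

# Constructed RFC 5424 sample messages (not taken from the thread).
MSGS = [
    b'<165>1 2011-02-06T10:27:19+01:00 host1 app 1234 ID47 '
    b'[exampleSDID@32473 iut="3" eventSource="App"] first event',
    # The second message carries an embedded LF in its MSG part.
    b'<34>1 2011-02-06T10:27:20+01:00 host1 su - ID48 - line one\nline two',
]

OCTET_COUNT = re.compile(rb"([1-9][0-9]{0,8}) ")


def frame_octet_counted(msgs):
    """Sender: prefix each message with its byte length and a space."""
    return b"".join(b"%d %s" % (len(m), m) for m in msgs)


def frame_newline(msgs):
    """Sender: framing-less stream, each message terminated by LF."""
    return b"".join(m + b"\n" for m in msgs)


def split_octet_counted(stream):
    """Receiver: read MSG-LEN and a space, then exactly MSG-LEN bytes."""
    out, pos = [], 0
    while pos < len(stream):
        m = OCTET_COUNT.match(stream, pos)
        if not m:
            raise ValueError("no octet count at offset %d" % pos)
        end = m.end() + int(m.group(1))
        if end > len(stream):
            raise ValueError("truncated frame at offset %d" % pos)
        out.append(stream[m.end():end])
        pos = end
    return out


def split_newline(stream):
    """Receiver: treat every LF as the end of a message."""
    return [line for line in stream.split(b"\n") if line]


if __name__ == "__main__":
    print(split_octet_counted(frame_octet_counted(MSGS)) == MSGS)  # matched framing
    print(len(split_newline(frame_newline(MSGS))))  # embedded LF splits a message
```

When sender and receiver disagree on framing, the receiver either rejects the stream or hands the parser records that no longer begin with the `<PRI>` field, so both ends of a TCP syslog link need the same driver choice.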