[syslog-ng] AIX Syslog Messages

Ricardo Oliveira n3g4s at hotmail.com
Tue Jul 5 21:05:59 CEST 2011


Hi,
 
I'm having some problems properly storing messages received from AIX servers.
The format which they come in is like this:
 
"Jul  5 19:30:59 Message forwarded from server2: su: from root to ..."
 
According to a thread on this mailing list (https://lists.balabit.hu/pipermail/syslog-ng/2006-October/009372.html), and if I understood correctly, this should be OK, and I should get the expected behaviour of replacing this with the form:
 
"Jul  5 19:30:59 server2 su: from root to ..."
 
However, what I get in the log is:
 
"Jul  5 19:30:59 192.168.1.1 su: from root to ..."
 
Where the 192.168.1.1 is the IP of the machine I got the message from and not the name of the server (server2 in this case).
 
The issue here is that these messages belong to several machines which are sending their syslog messages to a NIM server which in turn forwards them to our syslog server, so the IP we end up with is not the machine's IP, but rather the NIM server IP, which is not what we need.
I tried parsing the message on arrival, but it doesn't work, I suppose it's because syslog-ng processes it before the parsers kick in.
 
Is there a way to do this?
 
TIA,
Ricardo. 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20110705/d85aecaf/attachment.htm 


More information about the syslog-ng mailing list