[syslog-ng] Transparent TCP forward: what am I doing wrong?

Gergely Nagy algernon at balabit.hu
Thu Jun 30 11:16:33 CEST 2011


JP Vossen <jp at jpsdomain.org> writes:

> As I said, my goal is to receive TCP/514 and **transparently** forward 
> logs with no changes, as if they came in via UDP, to the localhost via 
> UDP/514.  In other words, I'm using syslog-ng as a shim to feed syslog 
> over TCP to a listener which only listens on UDP.

While it's early in the morning and I didn't have my dose of coffee yet:
wouldn't flags(no-parse) on the source side, and template("$MSG") on the
destination side work?

As far as I understand, no-parse would put the whole original message in
the $MSG macro, and then you override the destination template to skip
everything, and just send the $MSG.

But I haven't tested this, and I'm not even sure if it would work, but
I have a hunch that it should. Let me know if it doesn't!

-- 
|8]



More information about the syslog-ng mailing list