[syslog-ng] Messages starting with tab not processed cleanly
Jon Nathan
jon+dated+1316621522.9cddca at rupture.net
Fri Sep 16 18:12:02 CEST 2011
* Gergely Nagy <algernon at balabit.hu> [09-16-2011 06:36]:
>
> The best course of action I can think of is using a filter + rewrite
> combination, something like the following:
>
> filter f_tabhost { host("\t*" type(glob)); };
>
> rewrite r_rewrite_taberror {
>   set("$HOST $PROGRAM $MSG", value("MSG"));
>   set("$HOST_FROM", value("HOST"));
>   set("-", value("PROGRAM"));
> };
>
> log {
>   source(...);
>   filter(f_tabhost);
>   rewrite(r_rewrite_taberror);
>   destination(d_syslog);
>   flags(final);
> };
>
> log {
>   source(...);
>   destination(d_syslog);
> };
>
> This will set the message part appropriately, and set $HOST to
> $HOST_FROM (which is the originating host's name, as looked up via DNS),
> and $PROGRAM to a default value of "-".
>
> Provided that the sending hosts' reverse DNS is the same as the host it
> sends in syslog messages, the above blocks should do the right thing.
>
> (I'm not sure whether all of this is supported in 3.1, I suppose it
> is. I only tried with 3.3, as that's what I have at hand, but according
> to the documentation, this should work with 3.2 as well)
>
> --
> |8]
Thank you Gergely, this does exactly what we want.
-Jon
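
The filter, rewrite and two log paths quoted above, modelled in Python as an added example (not part of the original thread and not syslog-ng's own code). The record values are constructed and assume the parser has already placed the tab-led first word in HOST; `route` is a hypothetical helper name.

```python
from fnmatch import fnmatchcase
from string import Template

# The three set() operations of r_rewrite_taberror, in order: (template, target).
REWRITE = [("$HOST $PROGRAM $MSG", "MSG"), ("$HOST_FROM", "HOST"), ("-", "PROGRAM")]

def f_tabhost(rec):
    """Model of host("\\t*" type(glob)): true when HOST begins with a tab."""
    return fnmatchcase(rec["HOST"], "\t*")

def r_rewrite_taberror(rec):
    """Apply each set() in sequence, so MSG is rebuilt from the mis-parsed
    HOST and PROGRAM before those two fields are overwritten."""
    out = dict(rec)
    for template, target in REWRITE:
        out[target] = Template(template).substitute(out)
    return out

def route(rec):
    """Return every record that reaches d_syslog for one input record."""
    if f_tabhost(rec):
        # First log path; flags(final) stops the second path from also firing.
        return [r_rewrite_taberror(rec)]
    # Second log path: delivered unchanged.
    return [dict(rec)]

# Constructed sample records (assumed post-parse field values).
TAB_REC = {"HOST": "\tcontinued", "PROGRAM": "line",
           "MSG": "of a multi-line message", "HOST_FROM": "app01.example.net"}
NORMAL_REC = {"HOST": "app01.example.net", "PROGRAM": "sshd",
              "MSG": "session opened", "HOST_FROM": "app01.example.net"}

if __name__ == "__main__":
    for rec in (TAB_REC, NORMAL_REC):
        for delivered in route(rec):
            print(repr(delivered))
```

Reordering the `set()` calls would lose the original text: if HOST were replaced first, the rebuilt MSG would start with the DNS name instead of the tab-led word.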