[syslog-ng] Remote server not keeping message intact

Sandor Geller sandor.geller at ericsson.com
Thu Nov 12 11:26:04 CET 2015


On 11/12/2015 11:14 AM, Gareth Allen wrote:

> The problem is I'd like to strip out the received timestamp and
> hostname from the beginning of the log and only have the raw Apache
> message.

With the no-parse flag you already disabled syslog-ng's parser, so you
got the raw Apache log on the sending side. However, to ensure that the
receiver gets the message intact, a protocol-compliant on-wire format
must be used. You seem to use the old RFC3164 format, so try

template("<30> $R_ISODATE $HOST $MSG\n")

Of course, you can change the priority, timestamp and hostname fields to
whatever suits you best.

hth,

Sandor
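
An added illustration of the framing described in the reply above (not part of the original message and not syslog-ng code): a Python example that wraps a raw Apache line in the `<PRI> timestamp host message` layout from the template and recovers it with a simplified receiver. The sample log line, the host name `web01` and the receiver grammar are constructed for this example; syslog-ng's own parser differs in detail.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample input: one Apache access-log line and a receive time.
RAW = '203.0.113.7 - - [12/Nov/2015:11:14:02 +0100] "GET /index.html HTTP/1.1" 200 512'
WHEN = datetime(2015, 11, 12, 11, 14, 2, tzinfo=timezone(timedelta(hours=1)))

# Simplified receiver grammar (an assumption, not syslog-ng's parser):
# optional "<PRI>", then a timestamp token, a host token, and the rest as message.
WIRE = re.compile(r"^(?:<(\d{1,3})> ?)?(\S+) (\S+) (.*)$", re.S)


def frame(raw, host, when, pri=30):
    """Sender side: lay the line out as "<PRI> ISODATE HOST MSG\\n"."""
    if "\n" in raw or "\r" in raw:
        raise ValueError("embedded line break would split the record on the wire")
    if not host or any(c.isspace() for c in host):
        raise ValueError("host must be a single token")
    if not 0 <= pri <= 191:
        raise ValueError("PRI is facility*8+severity, 0..191")
    return "<%d> %s %s %s\n" % (pri, when.isoformat(), host, raw)


def parse(wire):
    """Receiver side: strip the header fields and return them with the message."""
    m = WIRE.match(wire.rstrip("\n"))
    if m is None:
        raise ValueError("not enough fields for a header")
    pri, stamp, host, msg = m.groups()
    return {"pri": int(pri) if pri else None, "timestamp": stamp, "host": host, "msg": msg}


def survives(wire):
    """True when the receiver's message field equals the original raw line."""
    return parse(wire)["msg"] == RAW


if __name__ == "__main__":
    framed = frame(RAW, "web01", WHEN)
    print(repr(framed))
    print("framed, message intact:  ", survives(framed))
    # Sent bare, the first two tokens of the Apache line are eaten as header fields.
    print("unframed, message intact:", survives(RAW + "\n"))
    print("unframed parsed as:      ", parse(RAW + "\n"))
```
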

