[syslog-ng] Remote server not keeping message intact
Sandor Geller
sandor.geller at ericsson.com
Thu Nov 12 11:26:04 CET 2015
On 11/12/2015 11:14 AM, Gareth Allen wrote:
> The problem is I'd like to strip out the received timestamp and
> hostname from the beginning of the log and only have the raw Apache
> message.
With the no-parse flag you already disabled syslog-ng's parser so you
got the raw apache log on the sending side. However to ensure that the
receiver gets the message intact a protocol-compliant on-wire format
must get used. You seem to use the old RFC3164 format so try
template("<30> $R_ISODATE $HOST $MSG\n")
of course you can change the priority, timestamp and hostname fields to
whatever suits you best.
hth,
Sandor
More information about the syslog-ng
mailing list