[syslog-ng] QuickQ syslog source drivers
Balazs Scheidler
bazsi77 at gmail.com
Sat Feb 17 07:31:57 UTC 2018
Yes, recent versions would accept normal bsd like messages. The key to
watch out is the framing, as that needs to be correct.
syslog(transport(tcp)) expects rfc5425 (or rfc5426, cant remember which)
style framing
network(transport(tcp) flags(syslog-protocol)) accepts both old and new
formats without framing
syslog(transport(udp)) has no framing, so again it accepts 5424 and 3164
and uses udp.
Actually, we may want to imply flags(syslog-protocol) everywhere in the
future, there's an easy way to autodetect the format.
On Feb 16, 2018 21:31, "Scot" <scotrn at gmail.com> wrote:
Will the syslog() source driver support both RFC5424 and RFC3164 from
different hosts at the same time in flight?
source s_syslog_tcp { syslog(port(514) transport("tcp")); };
source s_syslog_udp { syslog(port(514) transport("udp")); };
____________________________________________________________
__________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?
product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20180217/35a03416/attachment.html>
More information about the syslog-ng
mailing list