[syslog-ng] vCenter 6.5 RFC5425 prefacing messages with a space
Evan Rempel
erempel at uvic.ca
Sat Feb 17 16:28:58 UTC 2018
Our VMWare team has been busy upgrading out infrastructure to 6.5 which
is great, but the syslogs started showing up as
2018-02-17T07:00:12 esx.host.name auth.info 1
2018-02-17T07:00:12.162028-08:00 esx.host.name sshd 4662 - - Did not
receive identification string from 142.104.139.163 port 51088
which I recognise as RFC5425, So I added the flags(syslog-protocol) to
my network source definition. Now the log message arrives much nicer as
2018-02-17T07:48:12 esx.host.name auth.info sshd[20835]: Did not
receive identification string from 142.104.139.163 port 42060
but if you look very closely you will notice that there are 2 spaces in
"sshd[20835]: Did" and in the original logged message there were 2
spaces preceding the word "Did".
Has anyone seen this before (or currently with your own VMWare 6.5). I'm
trying to figure out if this is a bug in syslog-ng or a bug in vCenter
6.5 or a config error on my systems.
Thanks,
Evan.
More information about the syslog-ng
mailing list