[syslog-ng] syslog-ng parsing Error

Scheidler, Balázs balazs.scheidler at balabit.com
Fri Jun 22 05:43:46 UTC 2018


On Jun 21, 2018 18:11, "David Campeau" <David.Campeau at tn.gov> wrote:

> Hello,
>
> I have a syslog source node sending syslogs, and they are being generated
> via a Python script, which is using Python Rfc5426SysLogHandler.  So, these
> syslog messages should be RFC compliant.  However, syslog-ng does prepend
> an error message before sending it on to be put into storage.
>
> Example error message from syslog-ng =   <43>Jun 21 10:27:38 syslog-ng-Server
> syslog-ng[2559]: Error processing log message:  xxxxx timestamp, source
> hostname and payload follows.
>
> I’ve done some googling, but haven’t been able to find out what error 2559
> means.

2559 is the pid of the syslog-ng process.

> Any thoughts of what I might do to determine what syslog-ng isn’t liking
> about the syslog it is receiving?  I need to relay this information to a
> developer so they can make adjustments to the Python script.

After the colon the original message is reproduced verbatim, but as far as
I understand you changed that, so judging why parsing failed is not possible.

One usual suspect is that you are using a legacy BSD-style source, whereas
your message is in the 5424 format.

Using the syslog() source instead of tcp/udp can help.

Hope this helps.

> Best regards,
>
> David
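
One way for the developer to check which header format the Python script actually puts on the wire, as an added example that is not part of the original thread: the sample messages are constructed, and the regexes check only the header fields of RFC 5424 and RFC 3164 plus an optional RFC 6587 octet-count prefix.

```python
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA
RFC5424 = re.compile(
    rb"^<(\d{1,3})>[1-9]\d{0,2} "
    rb"(?:-|\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:\.\d{1,6})?(?:Z|[+-]\d\d:\d\d)) "
    rb"\S{1,255} \S{1,48} \S{1,128} \S{1,32} (?:-|\[)"
)
# RFC 3164 (legacy BSD): <PRI>Mmm dd hh:mm:ss HOSTNAME TAG...
RFC3164 = re.compile(
    rb"^<(\d{1,3})>(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) "
    rb"[ \d]\d \d\d:\d\d:\d\d \S+ "
)
# RFC 6587 octet-counting prefix that some TCP senders put before each message
OCTET_COUNT = re.compile(rb"^(\d{1,10}) (?=<)")


def classify(raw: bytes) -> dict:
    """Report framing, header format and decoded PRI of one raw syslog message."""
    framed = OCTET_COUNT.match(raw)
    body = raw[framed.end():] if framed else raw
    result = {"framing": "octet-counted" if framed else "none", "format": "unknown"}
    if framed:
        # The declared count must equal the number of bytes that follow it
        result["length_ok"] = int(framed.group(1)) == len(body)
    for name, rx in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = rx.match(body)
        if m and int(m.group(1)) <= 191:  # PRI = facility * 8 + severity, max 191
            pri = int(m.group(1))
            result.update(format=name, facility=pri >> 3, severity=pri & 7)
            break
    return result


# Constructed sample messages (not taken from the thread)
IETF = b"<14>1 2018-06-21T10:27:38.000Z host1 app 1234 - - test message"
BSD = b"<43>Jun 21 10:27:38 host1 app[1234]: test message"

if __name__ == "__main__":
    for sample in (IETF, BSD, b"%d %s" % (len(IETF), IETF), b"no header here"):
        print(classify(sample))
```

A message that classifies as `rfc5424` is the format the reply says the syslog() source handles; one that classifies as `rfc3164` matches the legacy BSD-style tcp/udp sources.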