[syslog-ng] syslog-ng is skipping syslog events with no PRI

Asif Iqbal vadud3 at gmail.com
Tue Mar 20 00:52:57 UTC 2018


syslog-ng is *NOT* writing syslog like this to a file which has no <*PRI*>

23:49:48.306587 IP 192.168.1.100.39567 > 192.168.100.100.514: [|syslog]
E..... at .>..U...g..........T.2018-03-19T23:49:48+0000 alarmLog,
applianceName=Branch-UC1, tenantName=DEMO-CORP, alarmType=sla-not-met,
alarmKey=INTERNET, generateTime=1521503387, applianceId=1, vsnId=0,
tenantId=2, alarmCause=datapathState, alarmClearable=yes,
alarmClass=cleared, alarmKind=symptom, alarmEventType=equipmentAlarm,
alarmSeverity=cleared, alarmOwner=tenant, alarmSeqNo=1568,
alarmText="delay:9 msec", siteName=Branch-UC1
................


syslog-ng is writing syslog like this to a file *OK*

23:50:26.930023 IP 192.168.1.100.55078 > 192.168.100.100.514: SYSLOG
mail.info, length: 76
E..h.B at .>......g.....&...Tt.<22>Mar 19 23:50:26 SVL-remotehost-02 root:
this is third test alarmLog................


Here is my syslog-ng config
    source s_udp { udp(ip(0.0.0.0) port(514)); };
    destination d_alarm { file("/var/log/alarms.log"); };
    filter f_alarm { match("alarmLog" value("MESSAGE")); };
    log { source(s_udp); filter(f_alarm); destination(d_alarm); };

I am using syslog-ng version 3.5.6 on CentOS 7

Any idea why syslog-ng is writing the first log event into a file?

Appreciate any help!


-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
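
Added example, not part of the original post and not syslog-ng code: a small Python check that tells whether a received datagram starts with a syslog `<PRI>` header and decodes it into facility and severity, useful for finding which senders emit PRI-less events like the first capture above. The function names are hypothetical, and the sample payloads are constructed by retyping the two captures (the first one shortened).

```python
import re
from collections import Counter

# PRI is "<" + 1-3 decimal digits + ">" at the very start of the datagram.
PRI_RE = re.compile(rb"^<(\d{1,3})>")

# Facility/severity keywords in numeric order (PRI = facility * 8 + severity).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

def parse_pri(payload: bytes):
    """Return (facility, severity, rest), or None if there is no valid PRI."""
    m = PRI_RE.match(payload)
    if m is None:
        return None
    value = int(m.group(1))
    if value > 191:  # highest valid PRI: facility 23, severity 7
        return None
    return FACILITIES[value >> 3], SEVERITIES[value & 7], payload[m.end():]

def missing_pri_by_sender(datagrams):
    """Count datagrams without a usable PRI per sender address."""
    return dict(Counter(src for src, data in datagrams if parse_pri(data) is None))

# Constructed samples: payloads retyped from the two captures in the post
# (the first one shortened), with the sender address shown by tcpdump.
SAMPLES = [
    ("192.168.1.100", b"2018-03-19T23:49:48+0000 alarmLog, applianceName=Branch-UC1, "
                      b"tenantName=DEMO-CORP, alarmType=sla-not-met"),
    ("192.168.1.100", b"<22>Mar 19 23:50:26 SVL-remotehost-02 root: "
                      b"this is third test alarmLog"),
]

if __name__ == "__main__":
    for src, data in SAMPLES:
        parsed = parse_pri(data)
        label = "no PRI" if parsed is None else "%s.%s" % parsed[:2]
        print(src, label, data[:40])
    print(missing_pri_by_sender(SAMPLES))
```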