[syslog-ng] Structure data set to "-"

Gabor Nagy (gnagy) Gabor.Nagy at oneidentity.com
Wed Nov 27 13:41:24 UTC 2019


Hello,

Syslog-ng does not always put the sequenceId into SDATA; for example, logs from a local file will have a seqnum, and when forwarded they will have this SDATA field.
More info about this can be found under SEQNUM macro in our admin guide:
https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.24/administration-guide/63#TOPIC-1298112


Well, I don't know a quick solution (e.g. a config option to disable this), but I'll try to help you.

Can you share your configuration, please?

Regards,
Gabor
________________________________
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Debjyoti Mukherjee <debmukhra at gmail.com>
Sent: Tuesday, November 26, 2019 16:17
To: syslog-ng at lists.balabit.hu <syslog-ng at lists.balabit.hu>
Subject: [syslog-ng] Structure data set to "-"

Hello

Trying to send logs to remote syslog server in RFC 5424 format. The STRUCTURE_DATA should be set to "-".

What is the way to set this value to "-"?

Currently it is coming as [meta sequenceId="21"]. I am using OpenWrt and the syslog version is 3.24.

Thank you
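
A receiver-side check for the field discussed in this thread, as an added example that is not part of the original messages or of syslog-ng: it parses the RFC 5424 STRUCTURED-DATA field and reports whether it is the NILVALUE "-" or carries a meta sequenceId. The sample lines are constructed (only the two SDATA values come from the thread), and the function names are hypothetical.

```python
import re

# RFC 5424 header up to MSGID: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID
_HEADER = re.compile(r"<\d{1,3}>\d{1,2} \S+ \S+ \S+ \S+ \S+ ")
_SD_ID = re.compile(r'\[([^ =\]"]+)')
# PARAM-VALUE may contain '"', '\' and ']' only when backslash-escaped.
_PARAM = re.compile(r' ([^ =\]"]+)="((?:\\.|[^"\\\]])*)"')

# Constructed sample lines; only the SDATA values come from the thread.
FORWARDED = '<13>1 2019-11-26T16:17:00+00:00 openwrt app 123 - [meta sequenceId="21"] hello'
WANTED = '<13>1 2019-11-26T16:17:00+00:00 openwrt app 123 - - hello'


def parse_structured_data(line):
    """Return (sd, msg); sd is None for the NILVALUE "-", else {sd_id: {param: value}}."""
    header = _HEADER.match(line)
    if not header:
        raise ValueError("not an RFC 5424 header")
    pos = header.end()
    sd = None
    if line.startswith("-", pos):
        pos += 1
    else:
        sd = {}
        while line.startswith("[", pos):
            sd_id = _SD_ID.match(line, pos)
            if not sd_id:
                raise ValueError("empty SD-ID")
            pos, params = sd_id.end(), {}
            while (param := _PARAM.match(line, pos)):
                # Undo the three escapes the RFC defines; other backslashes stay literal.
                params[param.group(1)] = re.sub(r'\\(["\\\]])', r"\1", param.group(2))
                pos = param.end()
            if not line.startswith("]", pos):
                raise ValueError("unterminated SD-ELEMENT")
            pos += 1
            sd[sd_id.group(1)] = params
        if not sd:
            raise ValueError("STRUCTURED-DATA is neither '-' nor an SD-ELEMENT")
    if pos < len(line) and line[pos] != " ":
        raise ValueError("unexpected data after STRUCTURED-DATA")
    return sd, line[pos + 1:]


def sequence_id(line):
    """Return the meta sequenceId value as a string, or None when it is absent."""
    sd, _ = parse_structured_data(line)
    return (sd or {}).get("meta", {}).get("sequenceId")
```
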