[syslog-ng] EWMM and sudo app-parser

Fabien Wernli wernli at in2p3.fr
Thu Aug 6 13:56:37 UTC 2020


Hi Bazsi!

On Thu, Aug 06, 2020 at 03:45:19PM +0200, Balazs Scheidler wrote:
> As you can see the ".sudo" top-level key is there, listing sudo related
> name-value pairs as extracted on the client. I also checked the debug/trace
> logs on the server and confirmed that only ewmm parsing was done,

Thanks for your thorough investigation!

Thus I understand that when using a syslog (not -ng) destination and
default-network-drivers, sudo parsing will happen twice.
