[syslog-ng] syslog-ng has add extra field

SZIGETVÁRI János jszigetvari at gmail.com
Thu Mar 25 15:24:09 UTC 2021


Hello Ivan,

Most commonly there may be two main formats of logs that you may encounter.
One is the traditional BSD-style syslog, described in RFC 3164:
https://tools.ietf.org/html/rfc3164
The other is the IETF-style log format, described in RFC 5424:
https://tools.ietf.org/html/rfc5424

In case of syslog-ng you would have to either use
network(transport(tcp|udp))
or
syslog() or network(transport(tcp|udp) flags(syslog-protocol))
respectively.

The sample logs you included seem to resemble the IETF-style.
What type of source do you have configured in your syslog-ng setup? (Could
you please share your config file?)

Best Regards,
János
--
Janos SZIGETVARI
RHCE, License no. 150-053-692
<https://www.redhat.com/rhtapps/verify/?certId=150-053-692>

LinkedIn: linkedin.com/in/janosszigetvari
E-mail: janos at szigetvari.com, jszigetvari at gmail.com
Web: janos.szigetvari.com



Ivan Nepryahin - Bercut <Ivan.Nepryahin at bercut.com> wrote (on Thu, Mar 25,
2021, 14:56):

> Hi all!
>
>
>
> I think I have a stupid question, but I really don't know how to do this.
>
> Situation:
> When I send a syslog message with a timestamp in the format "1Mar 25 2021
> 16:35:49" everything works great, but when I send a message with a timestamp
> in the format "1Mar 25 2021 16:35:49*+03:00*", syslog-ng adds two extra
> fields with a timestamp and IP address, and that breaks file naming.
>
> Question:
> How can I tell the syslog-ng server not to add extra fields when it gets a
> message with +03:00 in the timestamp?
>
> message without +03:00
> Mar 25 13:11:57 HUAWEI-CORE-OFFICE-1   <bla bla bal>
>
> message with +03:00
> Mar 25 13:46:45 192.168.100.34 Mar 25 2021 16:46:45*+03:00*
> HUAWEI-CORE-OFFICE-1  <bla bla bla>
>
>
>
> I would appreciate any advice!
>
>
>
> P.S. Sorry for my bad English, it is not my native language.
>
>
>
> best regards,
> *Nepryahin Ivan*
> IT Department
> *Phone**: *+7 812 327 32 33
> *Mobile: *+7 911 291 81 68
>
>
>
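The source drivers named in the reply at the top of this message, written out as a full syslog-ng configuration with one listener per log format. This is an added example, not part of the original thread or of either poster's setup; the version line, ports, object names and the file path are assumptions.

```conf
@version: 3.30   # assumed; set this to the installed syslog-ng version

# BSD-style (RFC 3164) senders: plain network() source.
# Expected header: "<PRI>Mmm dd hh:mm:ss HOST ..."
source s_bsd {
    network(
        transport("udp")
        port(514)                  # assumed port
    );
};

# IETF-style (RFC 5424) senders: syslog() source.
# Expected header: "<PRI>1 2021-03-25T16:35:49+03:00 HOST APP ..."
source s_ietf {
    syslog(
        transport("tcp")
        port(601)                  # assumed port
    );
};

# Alternative for IETF-style senders: network() with the
# syslog-protocol flag, as mentioned in the reply.
source s_ietf_net {
    network(
        transport("udp")
        port(5514)                 # assumed port
        flags(syslog-protocol)
    );
};

# Per-host files (constructed path). ${HOST} comes from the parsed header,
# so a sender pointed at the wrong listener ends up in a wrongly named file.
destination d_per_host {
    file("/var/log/remote/${HOST}/${YEAR}-${MONTH}-${DAY}.log"
         create-dirs(yes));
};

log { source(s_bsd);      destination(d_per_host); };
log { source(s_ietf);     destination(d_per_host); };
log { source(s_ietf_net); destination(d_per_host); };
```

Running `syslog-ng --syntax-only -f <file>` checks the configuration for syntax errors before it is loaded.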