[syslog-ng] Syslog-ng Message Format

Maurya, Shivani shivani.maurya at intel.com
Mon Nov 7 12:23:26 UTC 2022


Hi,

Please find the details below on the current template which we use for syslog-ng messages –

FORMAT – template("${R_ISODATE} ${FULLHOST_FROM} ${SOURCEIP} ${PRIORITY} ${FACILITY} ${PROGRAM} ${MSG}\n")
EXAMPLE - 2022-11-07T12:13:05+00:00 FQDN IP notice local7 6266821 Nov 7 12:15:58.043: %ILPOWER-5-DETECT: Interface Gi1/0/16: Power Device detected: Cisco PD
In the above example you can see the messages are prefixed with the %TAG. However, with rfc 5425, the messages are not prefixed with %TAG & it’s a plain message.

Please let me know how to prefix the rfc 5425 messages with %TAG.

Regards,
Shivani Maurya

From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> On Behalf Of Balazs Scheidler
Sent: Monday, November 7, 2022 5:41 PM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Syslog-ng Message Format

Yes, there is.

It would be great if you could show us how you send your output to the log consumer today; it would be easier to suggest solutions based on that.

On Mon, Nov 7, 2022, 12:09 Maurya, Shivani <shivani.maurya at intel.com> wrote:
Hi All,

With the older Syslog-ng RFC format (rfc 3164), the devices used to send the syslog messages in the below format –

%TAG TIMESTAMP FULLHOSTFROM SEVERITY MSG
Example - %SYSMGR-2-NON_VOLATILE_DB_INODE_FULL:2022 Nov 7 03:54:30 MST: SYSMGR-2-NON_VOLATILE_DB_INODE_FULL: System non-volatile inode storage usage is unexpectedly high at 96

But with the new syslog-ng RFC format (rfc 5425), the devices send the syslog messages in the below format –

TIMESTAMP FULLHOSTFROM SEVERITY MSG

Is there a way to update/format the messages (rfc 5424) to be prefixed with %TAG?

Regards,
Shivani Maurya
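
An added example, not part of the thread and not syslog-ng code: a Python parser for lines written with the template quoted in the reply above. It extracts the %TAG when the message carries one and reports None when the message is plain, so a log consumer can handle both shapes and flag a tag whose severity digit disagrees with the ${PRIORITY} field. The severity-name table is an assumption about what ${PRIORITY} renders, and the untagged sample line is constructed.

```python
import re

# Field order of the template("${R_ISODATE} ${FULLHOST_FROM} ...") quoted above.
FIELDS = ("isodate", "host", "source_ip", "priority", "facility", "program", "msg")

# Cisco-style %FACILITY-SEVERITY-MNEMONIC: tag, as in %ILPOWER-5-DETECT:
TAG_RE = re.compile(
    r"%(?P<tag_facility>[A-Z0-9_]+(?:-[A-Z0-9_]+)*?)"
    r"-(?P<tag_severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):"
)

# Assumption: ${PRIORITY} renders the standard syslog severity names, 0..7.
SEVERITY_NAMES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

# The example line from the thread.
TAGGED = (
    "2022-11-07T12:13:05+00:00 FQDN IP notice local7 6266821 "
    "Nov 7 12:15:58.043: %ILPOWER-5-DETECT: Interface Gi1/0/16: "
    "Power Device detected: Cisco PD"
)
# Constructed sample: the same event as a plain message without the %TAG.
UNTAGGED = (
    "2022-11-07T12:13:05+00:00 FQDN IP notice local7 6266821 "
    "Interface Gi1/0/16: Power Device detected: Cisco PD"
)


def parse_line(line):
    """Split one template-formatted line and pull out the %TAG if present."""
    # Only the last field (${MSG}) may contain spaces, so cap the split.
    parts = line.rstrip("\n").split(" ", len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        raise ValueError("line does not match the 7-field template")
    record = dict(zip(FIELDS, parts))
    m = TAG_RE.search(record["msg"])
    if m is None:
        record.update(tag=None, mnemonic=None, severity_mismatch=False)
        return record
    tag_severity = SEVERITY_NAMES[int(m.group("tag_severity"))]
    record.update(
        tag=m.group(0)[:-1],  # drop the trailing colon
        mnemonic=m.group("mnemonic"),
        severity_mismatch=(tag_severity != record["priority"]),
    )
    return record


if __name__ == "__main__":
    for sample in (TAGGED, UNTAGGED):
        r = parse_line(sample)
        print(r["host"], r["priority"], r["tag"], r["severity_mismatch"])
```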
