syslog-ng-users April 2011 archive
Main Archive Page > Month Archives  > syslog-ng-users archives
syslog-ng-users: [syslog-ng] log message difference between sysl

[syslog-ng] log message difference between syslog and syslog-ng?

From: Evan Baer <evan.d.baer_at_nospam>
Date: Fri Apr 29 2011 - 16:18:26 GMT
To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu>

Hello,

We switched one of our last remaining syslog servers to syslog-ng a
few days ago, with no major surprises, except for one small difference
in log message formatting between syslog and syslog-ng for messages
from some of our network devices.

The difference is in the added ':' in the 5th column, after the hostname:

Apr 27 12:48:52 10.26.13.65 oob1-switch, System: Set fan speed to MED (75%)
Apr 28 16:59:53 10.26.13.65 oob1-switch,: System: Set fan speed to LOW (50%)

(the first line is from syslog, the second is from syslog-ng3-3.1.1,
running on freebsd)

For what it is worth, this formatting difference also occurs with
other devices of the same manufacturer and model which have valid
reverse ip entries in dns.

We have a few support scripts which read the logs and are picky about
the line formatting, so I'm keen to tweak the output lines in
syslog-ng.conf if possible.

Thoughts?

Thanks in advance,
    -- Evan
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html