syslog-ng-users April 2011 archive
Main Archive Page > Month Archives  > syslog-ng-users archives
syslog-ng-users: Re: [syslog-ng] log message difference between

Re: [syslog-ng] log message difference between syslog and syslog-ng?

From: Balazs Scheidler <bazsi_at_nospam>
Date: Sat Apr 30 2011 - 20:49:38 GMT
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>

On Fri, 2011-04-29 at 12:18 -0400, Evan Baer wrote:
> Hello,
>
> We switched one of our last remaining syslog servers to syslog-ng a
> few days ago, with no major surprises, except for one small difference
> in log message formatting between syslog and syslog-ng for messages
> from some of our network devices.
>
> The difference is in the added ':' in the 5th column, after the hostname:
>
> Apr 27 12:48:52 10.26.13.65 oob1-switch, System: Set fan speed to MED (75%)
> Apr 28 16:59:53 10.26.13.65 oob1-switch,: System: Set fan speed to LOW (50%)
>
> (the first line is from syslog, the second is from syslog-ng3-3.1.1,
> running on freebsd)
>
> For what it is worth, this formatting difference also occurs with
> other devices of the same manufacturer and model which have valid
> reverse ip entries in dns.
>
> We have a few support scripts which read the logs and are picky about
> the line formatting, so I'm keen to tweak the output lines in
> syslog-ng.conf if possible.

Recent syslog-ng's have a "store-legacy-msghdr" even more recent ones
have that by default.

That should do the trick.

-- Bazsi ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html