Hi Richard, the $template directive is a feature of rsyslog ( http://www.rsyslog.com/doc/v8-stable/configuration/templates.html). It seems like you're using a relatively old version of the original BSD syslogd, which doesn't support changing it's output format.
Is there any chance for you to upgrade to a more modern syslog implementation, like rsyslog ( http://docs.graylog.org/en/1.2/pages/sending_data.html#rsyslog) or syslog-ng (http://docs.graylog.org/en/1.2/pages/sending_data.html#syslog-ng) ? Cheers, Jochen On Wednesday, 21 October 2015 12:05:59 UTC+2, Richard Moorhouse wrote: > > Hi > > Has anyone managed to get the syslogd utility in 'sysklogd' to send RFC > 5424 compliant syslog messages to Graylog? We use this package for syslog > output in Oracle Linux x86_64 > > I have tried both of the following in /etc/syslog.conf and whilst it > doesn't error when syslogd is restarted, no syslog messages are received by > Graylog: > > $template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% > %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% > %STRUCTURED-DATA% %msg%\n" > *.* @my.server.org:514;GRAYLOGRFC5424 > > or > > *.* @my.server.org:514;RSYSLOG_SyslogProtocol23Format > > > > The only configuration I can get to work is a simple UDP syslog config: > > *.* @my.server.org > > > Thanks for your help > > Richard M > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/fa875f79-8a26-4b59-9a6c-cc2b6f7f3915%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
