Hi,

On Thu, 21 Aug 2014 09:38:44 +0200 (CEST)
Wojciech Puchar <woj...@wojtek.tensor.gdynia.pl> wrote:

> now tcpdump shows such lines are emitted to port 514 host 10.100.100.1:
> 
> <14>Aug 21 01:43:44 winserver1 Microsoft-Windows-GroupPolicy[936]: Okresowe 
> przetwarzanie zasad dla użyytkownika winserver1\ostrowska zostało ukończone w 
> czasie 0 s.
> 
> but FreeBSD syslog doesn't write them out.

What syslogd are you using on FreeBSD? It's possible that it decides that
the log is invalid and discards the message.
The Microsoft-Windows-GroupPolicy[936] part might be too long, try
rewriting with the following:
 $SourceName = 'test'; to_syslog_bsd();

> in the same time it properly writes from other unix hosts eg.
> <38>Aug 21 09:09:09 login: login from 10.100.101.110 on pts/0 as root
> 
> what is wrong? the only difference i see is a host name added with nxlog?
> can this be a problem? can it be removed?

RFC3164 requires the Hostname part to be present in the syslog header. I
don't see why you'd want to remove it when you are collecting logs over
the network from remote hosts.

Regards,
Botond
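
An added example (not part of the reply above and not nxlog code): it splits the two datagrams quoted in this thread into RFC 3164 fields so the Windows and Unix lines can be compared side by side. The `inspect` helper and its lenient TAG pattern are assumptions made for illustration, and it does not reproduce FreeBSD syslogd's own parsing.

```python
import re

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: CONTENT
HEADER = re.compile(r"^<(?P<pri>\d{1,3})>"
                    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<rest>.*)$", re.S)
# Lenient TAG pattern (assumption): also accepts '-', '.', '_' and '/'.
TAG = re.compile(r"^(?P<tag>[\w./-]+)(?:\[(?P<pid>\d+)\])?:(?: |$)")

# Both lines are copied from the messages quoted in this thread.
WINDOWS_LINE = (r"<14>Aug 21 01:43:44 winserver1 Microsoft-Windows-GroupPolicy[936]: "
                r"Okresowe przetwarzanie zasad dla użyytkownika winserver1\ostrowska "
                r"zostało ukończone w czasie 0 s.")
UNIX_LINE = "<38>Aug 21 09:09:09 login: login from 10.100.101.110 on pts/0 as root"

def inspect(line):
    """Split one syslog datagram into fields and list deviations from RFC 3164."""
    m = HEADER.match(line)
    if not m:
        return {"issues": ["no <PRI> and timestamp at start of line"]}
    pri = int(m["pri"])
    out = {"facility": pri >> 3, "severity": pri & 7, "timestamp": m["ts"],
           "hostname": None, "tag": None, "pid": None,
           "non_ascii": not line.isascii(), "issues": []}
    if pri > 191:  # highest valid value: facility 23, severity 7
        out["issues"].append("PRI above 191")
    if len(line.encode("utf-8")) > 1024:
        out["issues"].append("packet longer than 1024 bytes")
    body = m["rest"]
    first, _, after = body.partition(" ")
    if TAG.match(first):
        # The first token is already "tag:", so the sender left HOSTNAME out.
        out["issues"].append("HOSTNAME missing")
    else:
        out["hostname"], body = first, after
    t = TAG.match(body)
    if not t:
        out["issues"].append("no TAG found")
        return out
    out["tag"], out["pid"] = t["tag"], t["pid"]
    if len(t["tag"]) > 32:  # RFC 3164 caps TAG at 32 characters
        out["issues"].append("TAG longer than 32 characters")
    if not (t["tag"].isascii() and t["tag"].isalnum()):  # RFC 3164: alphanumeric TAG
        out["issues"].append("TAG has non-alphanumeric characters")
    return out

if __name__ == "__main__":
    for sample in (WINDOWS_LINE, UNIX_LINE):
        print(inspect(sample))
```
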

_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
