On 01.11.2012 09:44, [email protected] wrote:
Ok. Is SyslogAgent v3.5 by Datagram ... see picture attached.
This is a good agent. I use it in some capacities. I suppose I should have submitted my decoder modifications. :/
Let me save you some grief with Datagram in another area. The logs are formatted a bit strangely so that they display in their front-end. They sometimes insert a DEL character in the logs, which will be interpreted as lost trailing characters and thus, some rules will fail to match. I solved it within syslog-ng by using a custom filter. This just replaces it with a space. (Note that it does not ad an extra space, it just doesn't delete the last character.)
rewrite r_datagram { subst("\x7f", " ", value("MESSAGE") flags(global)); };
If this one is not good, what agent is recommended?
The OSSEC agent, of course. :)
