Rsyslog seems to be mangling messages sent from our in-house applications. We are trying to get the same format as we did with syslog-ng previously and not having a lot of luck.
The logs are in the format something like this: TAG APPLICATION: MSG In syslog-ng, it looks like this locally and when sent to a remote syslog-ng server: Aug 21 00:00:00 ops051.nyc03.int ADMIN JAVA-EVENT: ops-192.168.101.251:65261 offset changed 0.0004593 seconds! rsyslog with the TraditionalFileFormat makes it look like this locally, stripping the hostname: Aug 21 00:00:00 JAVA-EVENT: ops-192.168.101.251:65261 offset changed 0.0004593 seconds! and like this when sent to a remote syslog-ng server. Notice how the ADMIN tag was removed: Aug 21 00:00:00 ops051.nyc03.int JAVA-EVENT: ops-192.168.101.251:65261 offset changed 0.0004593 seconds! We have realtime logscraping software that looks at all message tags and does custom reporting on them. It keys off the TAG property that rsyslog is stripping off. What can we do to enable this? We've been playing with custom $templates in the rsyslog.conf to no real avail. Thanks! -- Jeff Schroeder Don't drink and derive, alcohol and analysis don't mix. http://www.digitalprognosis.com _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog
