Hello,I have to relay syslog messages from some locked-up/proprietary boxes (Mirapoint mail servers). To achieve this I am using rsyslog from the debian squeeze packages: rsyslogd 4.6.4. Messages are sent by the boxes using UDP protocol (no choice here), and must be relayed to a "home server" using RELP. My problem is that messages from the boxes are fairly malformed. The syslog-tag field largely exceed the 32 chars defined in the RFC 3164 (i did not checked if this has been updated), and so I belive they just started the put the MSG in the syslog TAG field. As a consequence, when forwarding thoose ugly messages, rsyslogd truncate the syslogtag (which is in fact the message itself) to fit in 32 char field.
Does newer version of rsyslog would handle thoose kind of messages?Is there any way to use template to properly "re-construct" the mesages prior to forwarding?
If you want to deeper look at it, I attached 2 dumps of such packets. First one (mirapoint.pcap) is the yslog packet as sent by the boxes, second one (rsyslog.pcap) is the message as forwarded to "home server" by rsyslog.
-- <http://www.horoa.net>
syslog-forward.tar.gz
Description: GNU Zip compressed data
<<attachment: a_chapellon.vcf>>
_______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
