On Fri, 20 Apr 2012, Jo Rhett wrote:
On Apr 20, 2012, at 1:52 PM, [email protected] wrote:
That is straight from the following line in rsyslog.conf, so if that is broken
then it's an rsyslog bug:
kern.info @[zenhost]:1154
what is your default template? if you could run a quick test and add
;RSYSLOG_Traditional_Forward_Format to the line and see if you get the format I
am expecting.
# Use traditional timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
All of our logs are in this format, we don't use the modern/better format.
minor detail, you should use Forward instead of File when you are sending
the log to another machine, otherwise the priority/severity info is lost.
the fact that the contents is starting so much later in the omspoof version is
definitely a bug. I wonder what it thinks it's doing? could you write to a file
using the same template and see what shows up in the file?
All file writing works exactly as expected.
local7.* /tmp/rawtest.log;Untouched
$ cat /tmp/rawtest.log
<190>Apr 20 14:39:33 sj2-web08 jorhett: 123 This is another test message$
No linefeed, so that's the prompt at the end there.
$ hexdump -c /tmp/rawtest.log
0000000 < 1 9 0 > A p r 2 0 1 4 : 3
0000010 9 : 3 3 s 2 2 - w w w 0 8 j
0000020 o r h e t t : 1 2 3 T h i s
0000030 i s a n o t h e r t e s t
0000040 m e s s a g e
0000048
So I suspect this is just a udpspoof thing. The very odd thing is that
either syslogd deals with this, or it only affects spoofing to a
non-standard port.
yep, this sure looks like a udpspoof problem.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
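An added example, not part of the original thread: a Python sketch of the point about Forward versus File layouts, showing that the leading `<PRI>` field carries facility and severity and what a receiver sees when it is missing. The function names are hypothetical, `render` only approximates the two traditional layouts, and the user.notice fallback is the RFC 3164 relay default rather than confirmed behaviour of any particular receiver.

```python
import re

# Facility and severity names by numeric code (RFC 3164/5424 numbering).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")
DEFAULT_PRI = 13  # RFC 3164 section 4.3.3: user.notice when no PRI is present

def decode_pri(line):
    """Return (facility, severity) from a leading <PRI>, or None if absent/invalid."""
    m = PRI_RE.match(line)
    if m is None:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid value is local7.debug = 23 * 8 + 7
        return None
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def render(pri, timestamp, host, tag, msg, forward):
    """Approximate the traditional layouts: only the forward one carries <PRI>."""
    body = f"{timestamp} {host} {tag} {msg}"
    return f"<{pri}>{body}" if forward else body

def receiver_view(line):
    """Classification a receiver ends up with (assumed RFC 3164 default fallback)."""
    return decode_pri(line) or decode_pri(f"<{DEFAULT_PRI}>")

# Line taken from the thread's /tmp/rawtest.log output.
PAGE_LINE = "<190>Apr 20 14:39:33 sj2-web08 jorhett: 123 This is another test message"

if __name__ == "__main__":
    print("rawtest.log line:", decode_pri(PAGE_LINE))
    # Constructed kern.info message (PRI 6), as selected by "kern.info @host:port".
    args = (6, "Apr 20 14:39:33", "sj2-web08", "kernel:", "constructed test")
    for forward in (True, False):
        wire = render(*args, forward=forward)
        print("forward" if forward else "file   ", repr(wire), receiver_view(wire))
```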