On Fri, 17 Jan 2014, Vladimir Marek wrote:
Or maybe rsyslog supposes that all messages have some sort of date/time
at the start, so that it can't start with letter 'z'?
Yup - valid syslog messages NEED to start with "<" (actually <PRI>). See
RFC5424 & RFC3164.
Oh, right! Out of your head, do you think that _not_ starting by '<'
could do any other bad things?
Thanks for the pointer!
quite a lot, because very often it is filtered based on priorities (like
mail.info /maillog). Rsyslog defaults to some values if it's not present,
but that's usually not what you expect.
Right. I'll investigate why I am getting the malformed syslog message
then.
It's actually _very_ common for things to send malformed messages, missing the
PRI, missing the timestamp, missing the hostname, or all of the above.
Rsyslog has a series of heuristics to try and do the 'right' thing when it gets
such messages, but it's guessing, and it's guesses are not always right.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
