Sorry, I found the problem. I thought rsyslogd was listening on that port, but it was nxlogd listening first. Switched to rsyslogd and the priorities are now getting trimmed and not written to the log file. Thanks for the response it did help me think it through.
On Wed, Feb 15, 2017 at 3:22 PM, Ralph Durkee <ralph.dur...@gmail.com> wrote: > rsyslogd 7.4.4-1ubuntu2.6 (Ubuntu 14.04) > > rsyslogd 7.4.4, compiled with: > FEATURE_REGEXP: Yes > FEATURE_LARGEFILE: No > GSSAPI Kerberos 5 support: Yes > FEATURE_DEBUG (debug build, slow code): No > 32bit Atomic operations supported: Yes > 64bit Atomic operations supported: Yes > Runtime Instrumentation (slow code): No > uuid support: Yes > > > > On Wed, Feb 15, 2017 at 2:59 PM, dan (ddp) <ddp...@gmail.com> wrote: > >> On Wed, Feb 15, 2017 at 1:03 PM, Ralph Durkee <ralph.dur...@gmail.com> >> wrote: >> > I'm surprised I'm not finding a quick answer to this one in my >> searches, so >> > hopefully this will be quick. >> > OSSEC is not parsing log files with a priority prefix, in the rfc3164 / >> BSD >> > format. The prematch fails. For example >> > >> > <13>Feb 15 12:59:01 hostname progname: message here >> > >> > ossec-logtest decode doesn't even find a host name or a program name. >> If >> > the prefix is manually removed it's parsed just fine of course. Given >> the >> > prefix is a standard format it would seem that there must be a simple >> means >> > to get the prematch to work correctly. >> > >> >> Most syslogds seem to strip this off the logs they write to disk.Which >> daemon are you using? >> >> > Thanks >> > -- Ralph >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an >> > email to ossec-list+unsubscr...@googlegroups.com. >> > For more options, visit https://groups.google.com/d/optout. >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to ossec-list+unsubscr...@googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. >> > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
