I'm not familiar with syslog-ng, but I suspect this is just a difference in the formatting/interpretation of the raw packet. Try capturing a message or two from syslog-ng with tcpdump and compare to section 4 of RFC 3164.
You can see how rsyslog interprets it with the following template:

$template test, "TIME: %timestamp% HOST: %hostname% TAG: %syslogtag% PROGRAM: %programname% MSG: %rawmsg%\n"

This should give you some idea of how to create a template that will log in the format you need.

-HKS

On Thu, Aug 21, 2008 at 1:33 PM, Jeff Schroeder <[EMAIL PROTECTED]> wrote:
> Rsyslog seems to be mangling messages sent from our in-house applications.
> We are trying to get the same format as we did with syslog-ng previously and
> not having a lot of luck.
>
> The logs are in the format something like this:
> TAG APPLICATION: MSG
>
> In syslog-ng, it looks like this locally and when sent to a remote
> syslog-ng server:
> Aug 21 00:00:00 ops051.nyc03.int ADMIN JAVA-EVENT:
> ops-192.168.101.251:65261 offset changed 0.0004593 seconds!
>
> rsyslog with the TraditionalFileFormat makes it look like this
> locally, stripping the hostname:
> Aug 21 00:00:00 JAVA-EVENT: ops-192.168.101.251:65261 offset changed
> 0.0004593 seconds!
>
> and like this when sent to a remote syslog-ng server. Notice how the
> ADMIN tag was removed:
> Aug 21 00:00:00 ops051.nyc03.int JAVA-EVENT: ops-192.168.101.251:65261
> offset changed 0.0004593 seconds!
>
> We have realtime logscraping software that looks at all message tags
> and does custom reporting on them.
> It keys off the TAG property that rsyslog is stripping off. What can
> we do to enable this? We've been playing
> with custom $templates in the rsyslog.conf to no real avail.
>
> Thanks!
>
> --
> Jeff Schroeder
>
> Don't drink and derive, alcohol and analysis don't mix.
> http://www.digitalprognosis.com
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
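
For the comparison against section 4 of RFC 3164 suggested above, here is an added example (not part of the thread, and not rsyslog's or syslog-ng's own parser): a strict reading of the section 4 layout applied to a UDP payload copied out of a tcpdump capture. The PRI value 134 and both sample payloads are constructed from the log line quoted in the thread; what the in-house applications actually put on the wire is not shown there.

```python
import re

# RFC 3164 section 4 layout: <PRI>TIMESTAMP HOSTNAME TAG CONTENT
# TIMESTAMP is "Mmm dd hh:mm:ss"; TAG is at most 32 alphanumeric characters
# and ends at the first non-alphanumeric character.
PACKET = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?:(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<hostname>\S+) )?"
    r"(?P<msg>.*)$",
    re.DOTALL,
)
TAG = re.compile(r"^([A-Za-z0-9]{1,32})(.*)$", re.DOTALL)

# Constructed payloads (PRI 134 = local0.info is an assumption, not from the thread).
WITH_HEADER = (b"<134>Aug 21 00:00:00 ops051.nyc03.int ADMIN JAVA-EVENT: "
               b"ops-192.168.101.251:65261 offset changed 0.0004593 seconds!")
BARE = (b"<134>ADMIN JAVA-EVENT: "
        b"ops-192.168.101.251:65261 offset changed 0.0004593 seconds!")


def parse_rfc3164(packet: bytes) -> dict:
    """Split one syslog UDP payload into the fields named in RFC 3164 section 4."""
    text = packet.decode("ascii", errors="replace").rstrip("\r\n")
    fields = dict.fromkeys(
        ("facility", "severity", "timestamp", "hostname", "tag"))
    m = PACKET.match(text)
    if m is None or int(m.group("pri")) > 191:
        # No usable PRI: keep the whole payload as content.
        fields["content"] = text
        return fields
    pri = int(m.group("pri"))
    fields.update(facility=pri >> 3, severity=pri & 7,
                  timestamp=m.group("timestamp"), hostname=m.group("hostname"))
    # Simplification in this sketch: a leading TAG is split off even when the
    # TIMESTAMP/HOSTNAME header is absent, so both shapes can be compared.
    t = TAG.match(m.group("msg"))
    fields["tag"], fields["content"] = (
        (t.group(1), t.group(2)) if t else (None, m.group("msg")))
    return fields


if __name__ == "__main__":
    for name, pkt in (("with header", WITH_HEADER), ("bare", BARE)):
        print(name, parse_rfc3164(pkt))
```

Under this strict reading the TAG ends at the first non-alphanumeric character, so "ADMIN JAVA-EVENT" cannot be a single TAG; which field each token lands in depends on whether the sender includes the TIMESTAMP and HOSTNAME header.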

