On Thu, Aug 21, 2008 at 2:00 PM, (private) HKS <[EMAIL PROTECTED]> wrote:
> On Thu, Aug 21, 2008 at 4:44 PM, Jeff Schroeder <[EMAIL PROTECTED]> wrote:
>> On Thu, Aug 21, 2008 at 10:53 AM, Rainer Gerhards
>> <[EMAIL PROTECTED]> wrote:
>>> I have only been able to have a brief look, but it looks like the message
>>> is incorrectly formatted. rsyslog is smart enough to detect that the
>>> hostname is missing if the tag is followed by a character not valid in
>>> hostnames. But if the tag even looks like a hostname, it has no chance of
>>> detecting that it isn't one. As suggested, see RFC 3164 for what the format
>>> should look like. I think the -x option (or some other) enables to strip
>>> hostname detection, but I am not sure. You can "solve" this by misusing
>>> some fields. E.g. FROMHOST probably has what actually is the tag. HKS
>>> suggestion will help you find a suitable format.

You were right Rainer. It looks like the Java code which injects the message is sending malformed syslog requests. syslog-ng still sends it through and does the correct things. Is there a way to make rsyslog a bit less strict about it? Running rsyslog with -c0 defeats the purpose of using rsyslog. Until our application has been fixed and rolled out across our clusters worldwide, we rolled back to syslog-ng.

>>
>> Is there an equivalent of "-x" with "-c 3" enabled? It doesn't seem to
>> work with -c3 and I'd
>> rather not run in compatibility mode.
>
>
> I don't think so.
>
> -HKS
>

-- 
Jeff Schroeder
Don't drink and derive, alcohol and analysis don't mix.
http://www.digitalprognosis.com
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
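The hostname ambiguity Rainer describes for RFC 3164 messages, as an added Python example (not part of the thread and not rsyslog's actual parser). The function names, the sender address, the host inventory and the sample lines are constructed for illustration; the last sample shows a tag being accepted as the hostname, which matters for any alerting or correlation keyed on the host field.

```python
import re

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: MSG
HEADER = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (.*)$", re.S)
HOSTNAME_OK = re.compile(r"^[A-Za-z0-9.-]+$")  # letters, digits, dot, hyphen only
TAG = re.compile(r"^([A-Za-z0-9_./-]{1,32})(\[\d+\])?:? ?(.*)$", re.S)


def parse_3164(raw, sender):
    """Split one BSD-syslog line; `sender` (peer address) is the fallback host."""
    m = HEADER.match(raw)
    if not m:  # no PRI/timestamp at all: keep the whole line as message text
        return {"host": sender, "tag": "", "msg": raw, "host_from_msg": False}
    rest = m.group(3)
    first, _, remainder = rest.partition(" ")
    if HOSTNAME_OK.match(first) and remainder:
        # Hostname-shaped token: accepted as HOSTNAME, even if the sender
        # omitted the hostname and this token was really its tag.
        host, from_msg, body = first, True, remainder
    else:
        # "myapp[4242]:" contains '[' and ':', which no hostname can, so the
        # HOSTNAME field is known to be missing and the peer address is used.
        host, from_msg, body = sender, False, rest
    t = TAG.match(body)
    tag, msg = (t.group(1), t.group(3)) if t else ("", body)
    return {"host": host, "tag": tag, "msg": msg, "host_from_msg": from_msg}


def host_is_suspect(rec, known_hosts):
    """True when HOSTNAME came from the payload but is not an inventoried host."""
    return rec["host_from_msg"] and rec["host"] not in known_hosts


# Constructed sample lines (not taken from the thread).
SAMPLES = [
    "<13>Aug 21 10:53:01 web01 myapp[4242]: login ok",  # well formed
    "<13>Aug 21 10:53:01 myapp[4242]: login ok",        # no host, detectable
    "<13>Aug 21 10:53:01 myapp login ok",               # no host, ambiguous
]
KNOWN_HOSTS = {"web01"}  # hypothetical inventory

if __name__ == "__main__":
    for line in SAMPLES:
        rec = parse_3164(line, sender="192.0.2.10")
        print(rec, "SUSPECT" if host_is_suspect(rec, KNOWN_HOSTS) else "ok")
```

Comparing the parsed host against an inventory, as `host_is_suspect` does, is one way to surface senders that omit the hostname before their records pollute per-host views.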

