On Apr 20, 2012, at 1:25 PM, [email protected] wrote: > the string <190> is the encoded priority and severity of the message (in this > case local7.user). A properly formatted syslog message will have this (try > sending a message with the format RSYSLOG_Traditional_Forward_Format and you > should see a similar thing before the timestamp) If this is breaking the > message parsing, the receiving system is broken
As you'll see in the pcap file I just sent you directly (check your spam folder) the priority remains intact from one system to the other. The missing priority appears to be related to kern messages as processed by rsyslog and is not related to this. > looking at these dumps, I don't think the problem is the <190>, I think the > problem is the three characters before that (Q3. in the text represnetation), > those start at the same point that the timestamp starts in the last example. So the pcap file I just sent shows the receipt of the local7 message (with priority) and forwarded message from the rsyslog server's perspective. I hope this can show you what you need to know to get this identified. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards
