Just for verification, what happens if you use: *.info @@(o)127.0.0.1:7777;RSYSLOG_SyslogProtocol23Format
Also, which rsyslog version do you use? Rainer > -----Original Message----- > From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog- > boun...@lists.adiscon.com] On Behalf Of Rodrian, Logan P (IS) > Sent: Tuesday, November 20, 2012 9:10 PM > To: rsyslog@lists.adiscon.com > Subject: [rsyslog] RFC 5424 over TCP Support > > I have tried using the following in my rules, but am still receiving > something that looks invalid. > > RULES > $ActionSendStreamDriver ptcp > $ActionForwardDefaultTemplateName RSYSLOG_SyslogProtocol23Format > *.info @@(o)127.0.0.1:7777 > > RECEIVE > "<4>Nov ..." > > What is received still does not look like it is conforming to RFC 5424 > yet, even after adding the recommended template. What am I doing > wrong? > > > > -----Original Message----- > > From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog- > > boun...@lists.adiscon.com] On Behalf Of Rodrian, Logan P (IS) > > Sent: Thursday, November 01, 2012 3:00 PM > > To: rsyslog@lists.adiscon.com > > Subject: Re: [rsyslog] RFC 5424 over TCP Support > > > > Thank you for your reply. I am now using the octet framing as you > > prescribed, which seems to solve the original issue. My next issue > is > > that the syslog message string does not appear to be RFC 5424 > formatted > > (it looks like "<###>Nov ...."), versus: > > > > > > SYSLOG-MSG = HEADER SP STRUCTURED-DATA [SP MSG] > > > > HEADER = PRI VERSION SP TIMESTAMP SP HOSTNAME > > SP APP-NAME SP PROCID SP MSGID > > PRI = "<" PRIVAL ">" > > PRIVAL = 1*3DIGIT ; range 0 .. > > 191<http://tools.ietf.org/html/rfc5424#page-191> > > VERSION = NONZERO-DIGIT 0*2DIGIT > > > > ... > > > > Is there a setting or prebuilt template that will output the message > in > > RFC 5424 format? > > > I should probably alias the template, it is called > RSYSLOG_SyslogProtocol23Format - this stems back to the days when we > used rsyslog as a testbed for the pre-RFC versions. > > Rainer > > > Logan Rodrian > Cyber Engineer > Northrop Grumman > w (720) 744-7467 > m (303) 748-1649 > logan.rodr...@ngc.com > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST > if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.