I’m using syslog-ng 1.6.8 on SLES 10. From this machine, I need to forward all events to the remote host 10.30.38.115. But first I have to change the messages a little, adding a “MyMark” prefix to the end of the event. I tried the following:
source src {
    internal();
    unix-dgram("/dev/log");
};
destination editredirect {
    udp("10.30.38.115" port(514) template("<$PRI> $DATE $HOST $MSG MyMark\n"));
};
log { source(src); destination(editredirect); };
But it doesn’t work. On the remote host, I don’t receive these messages at all. Truth be told, I don’t receive them even if I remove the template. The remote host is configured to accept incoming messages and it really does.
So, my question is how to tune syslog-ng.conf so that I could change messages before sending them to the remote host.
Update: solved
Here is how redirection is now organized:
Remote machine:
source src {
    #
    # include internal syslog-ng messages
    # note: the internal() source is required!
    #
    internal();

    #
    # the default log socket for local logging:
    #
    unix-dgram("/dev/log");

    #
    # uncomment to process log messages from network:
    #
    udp(ip("0.0.0.0") port(514));
    tcp(ip("0.0.0.0") port(1470));
};
Local machine:
source src {
    #
    # include internal syslog-ng messages
    # note: the internal() source is required!
    #
    internal();

    #
    # the following line will be replaced by the
    # socket list generated by SuSEconfig using
    # variables from /etc/sysconfig/syslog:
    #
    #unix-dgram("/dev/log");
    unix-stream("/dev/log");

    #
    # uncomment to process log messages from network:
    #
    #udp(ip("0.0.0.0") port(514));
};
destination editredirect {
    tcp("10.30.38.115" port(1470) template("<$PRI> $DATE $HOST $MSG MyMark\n"));
};
log { source(src); destination(editredirect); };
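A receiver-side check for the forwarded records, added here as an example and not part of the original post: it frames the TCP stream on the template's trailing "\n", decodes $PRI into facility and severity, and reports whether each record carries the MyMark suffix. It assumes $DATE renders in the BSD "Mon DD HH:MM:SS" form; the function names and the sample bytes are constructed for illustration.

```python
import re

MARK = "MyMark"  # suffix appended by the page's template
# Layout produced by template("<$PRI> $DATE $HOST $MSG MyMark\n"),
# assuming $DATE is BSD style: "<PRI> Mon DD HH:MM:SS HOST MSG MyMark"
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})> "
    r"(?P<date>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

def split_stream(buffer: bytes):
    """Split a TCP byte stream on the template's trailing newline.

    Returns (complete_lines, remainder). The remainder is an unfinished
    record that must be kept until the next recv() completes it.
    """
    *lines, rest = buffer.split(b"\n")
    return [line.decode("utf-8", "replace") for line in lines], rest

def parse_record(line: str):
    """Parse one forwarded record; return a dict, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # highest valid PRI: facility 23 * 8 + severity 7
        return None
    msg = m.group("msg")
    marked = msg.endswith(" " + MARK)
    return {
        "facility": pri >> 3,
        "severity": SEVERITIES[pri & 7],
        "host": m.group("host"),
        "msg": msg[: -len(MARK) - 1] if marked else msg,
        "marked": marked,  # False means the template was not applied
    }

# Constructed sample: two full records and one cut off mid-record.
SAMPLE = (
    b"<38> Jun  3 12:00:01 sles10 sshd[2211]: Accepted publickey for root MyMark\n"
    b"<13> Jun  3 12:00:02 sles10 logger: test without marker\n"
    b"<30> Jun  3 12:00:03 sles10 cron"
)

if __name__ == "__main__":
    lines, rest = split_stream(SAMPLE)
    for line in lines:
        print(parse_record(line))
    print("held back:", rest)
```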