Squid logging to syslog-ng - program name has brackets

Question

Using Ubuntu 10.04.4 LTS and Squid3 I want to log to syslog-ng

Edited /etc/squid3/squid.conf and added the following line:

access_log syslog squid

Logs are being written but the program name "squid" is being added in brackets, while for other logs the program name isn't

Jul 25 17:26:23 ubuntuserver kernel: 
Jul 25 17:26:24 ubuntuserver named[1231]:
Jul 25 16:17:56 ubuntuserver (squid):

I assume this is squid3 telling syslog-ng "my program name is (squid)" and am unable to find anywhere to configure this differently as I would like to remove the brackets.

In syslog-ng's conf I've had a play with outputting the log and the $PROGRAM macro definitely contains the brackets too, which indicates it is coming from squid as this page indicates the below: http://www.balabit.com/sites/default/files/documents/syslog-ng-admin-guide_en.html/reference_macros.html

PROGRAM: The name of the program sending the message. Note that the content of the $PROGRAM variable may not be completely trusted as it is provided by the client program that constructed the message.

How can I remove the brackets?

Answer 1

You can use a rewrite rule to fix up the program name anyway you want it:

rewrite r_brackets {
    subst ("\((.+)\)", "$1", value (PROGRAM));
};

...

log { source (...); ....; rewrite (r_brackets); destination (...); ...; };

Answer 2

Try following the forum post HERE - it outlines how to configure Squid with LogZilla using syslog-ng. In the post, the configs used are sending the program name properly.