0

Following the answer,

I have tried making changes in Syslog-NG 3.17 OSE version, with below configuration,

@version: 3.17

@include "scl.conf"

options {
};

source s_network_to_forward {
        network(
                flags(no-parse)
                transport(udp)
                port(514)
                keep-timestamp(no)
                persist-name("somekey")
        );
};


template forward_template {
        template($RAWMSG);
        template_escape(no);
};

destination forward_to_syslog2{
        network("1.2.3.4" transport(udp)  port(514) template(forward_template));
};

log {
        source(s_network_to_forward);
        destination(forward_to_syslog2);
};

Message to forward: Oct 31 16:44:29.071 UTC: %SYS-3-DUP_TIMER: Same tty2 in linewatch_timers, type 2

Above configuration is able to forward the message as shown below(with extra header in bold):

Oct 31 12:44:29 X.X.X.X 5277586: Oct 31 16:44:29.071 UTC: %SYS-3-DUP_TIMER: Same tty2 in linewatch_timers, type 2

where X.X.X.X is showing actual sender address(as expected), process id(5277586) and forwarding timestamp(Oct 31 12:44:29)

but

expecting to forward only Oct 31 16:44:29.071 UTC: X.X.X.X 5277586: %SYS-3-DUP_TIMER: Same tty2 in linewatch_timers, type 2

by removing forwarding timestamp

How to forward the required format?

overexchange
  • 15,768
  • 30
  • 152
  • 347

1 Answers1

0

If you want to forward the message as it was sent, the $RAWMESSAGE macro is a good idea, but by default it is empty (as it makes a message memory footprint larger).

You have to add an extra flag flags(...,store-raw-message) in the source configuration. (see the related documentation)

Your configuration would look like something this:

@version: 3.17

@include "scl.conf"

options {
};

source s_network_to_forward {
        network(
                flags(no-parse,store-raw-message)
                transport(udp)
                port(514)
                keep-timestamp(no)
                persist-name("somekey")
        );
};


template forward_template {
        template("$RAWMSG");
        template_escape(no);
};

destination forward_to_syslog2{
        network("1.2.3.4" transport(udp)  port(514) template(forward_template));
};

log {
        source(s_network_to_forward);
        destination(forward_to_syslog2);
};
kokan
  • 64
  • 3