How do I get syslog-ng to receive syslog sent in RFC 5424 format? I do see syslog-ng receiving the message in strace, but it throws an error while parsing.
Here is the syslog-ng I'm trying out:
/home/syslogng @us201.sjc# rpm -qi syslog-ng
Name : syslog-ng
Version : 3.5.6
Release : 3.el7
Architecture: x86_64
Install Date: Sat 19 Dec 2020 11:52:39 PM PST
Group : System Environment/Daemons
Size : 1674263
License : GPLv2+
Signature : RSA/SHA256, Wed 30 Dec 2015 01:37:42 PM PST, Key ID 6a2faea2352c64e5
Source RPM : syslog-ng-3.5.6-3.el7.src.rpm
Build Date : Wed 30 Dec 2015 11:58:05 AM PST
Build Host : buildhw-10-nfs.phx2.fedoraproject.org
Relocations : (not relocatable)
Packager : Fedora Project
Vendor : Fedora Project
URL : http://www.balabit.com/network-security/syslog-ng
Summary : Next-generation syslog server
Here is my syslog-ng conf file:
@version:3.5
@include "scl.conf"
source s_network {
network( transport(tcp) port(1514) flags(syslog-protocol));
};
destination d_syslog { file("/var/log/syslog-ng/logs.txt"); };
log {source(s_network); destination(d_syslog); };
Here is the strace output of syslog-ng. recvfrom() shows the incoming message over TCP, but there is an error processing it. The message contains the VERSION field after PRI in the message.
09:07:56.001542 recvfrom(13, "<166>1 Dec 22 09:07:55 al213 TEST: test mssage BB\n", 8192, 0, NULL, NULL) = 50
:
09:07:56.005995 writev(14, [{iov_base="Dec 22 09:07:56 al213 syslog-ng[14468]: Error processing log message: <166>1 Dec 22 09:07:55 al213 TEST: test mssage BB\n", iov_len=120}], 1) = 120
Appreciate any help.
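An added example, not part of the original post: a shape check of the RFC 5424 header (section 6 ABNF) run on the line captured in the strace output above, reporting the first header field that does not fit. The function name `check_rfc5424` and the second, compliant sample line are constructed for illustration; field values are checked for form only, not for calendar validity.

```python
import re

# RFC 5424 section 6:
# HEADER = PRI VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID
PRI_VERSION = re.compile(r"<(\d{1,3})>([1-9]\d{0,2}) ")
PRINTABLE = r"[!-~]"  # PRINTUSASCII, %d33-126
FIELDS = [  # (name, pattern) in header order; NILVALUE "-" is allowed in each
    ("TIMESTAMP", re.compile(
        r"-|\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{1,6})?(Z|[+-]\d{2}:\d{2})")),
    ("HOSTNAME", re.compile(PRINTABLE + "{1,255}")),
    ("APP-NAME", re.compile(PRINTABLE + "{1,48}")),
    ("PROCID", re.compile(PRINTABLE + "{1,128}")),
    ("MSGID", re.compile(PRINTABLE + "{1,32}")),
]

# Line taken from the recvfrom() call in the strace output on this page.
CAPTURED = "<166>1 Dec 22 09:07:55 al213 TEST: test mssage BB\n"
# Constructed sample: the same event with an RFC 5424 header.
CONSTRUCTED = "<166>1 2020-12-22T09:07:55-08:00 al213 TEST - - - test message BB\n"

def check_rfc5424(line):
    """Return (ok, reason) for one syslog line without transport framing."""
    m = PRI_VERSION.match(line)
    if not m:
        return False, "PRI/VERSION: expected '<PRIVAL>VERSION '"
    if int(m.group(1)) > 191:
        return False, "PRI: PRIVAL above 191"
    parts = line[m.end():].rstrip("\n").split(" ", len(FIELDS))
    if len(parts) <= len(FIELDS):
        return False, "HEADER: fewer fields than RFC 5424 requires"
    for (name, pattern), value in zip(FIELDS, parts):
        if not pattern.fullmatch(value):
            return False, f"{name}: {value!r} is not valid"
    rest = parts[-1]  # STRUCTURED-DATA [SP MSG]; only its start is checked
    if not (rest == "-" or rest.startswith("- ") or rest.startswith("[")):
        return False, "STRUCTURED-DATA: expected '-' or '[...]'"
    return True, "ok"

if __name__ == "__main__":
    for sample in (CAPTURED, CONSTRUCTED):
        print(check_rfc5424(sample), repr(sample))
```
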