[rsyslog-notify] Forum Thread: Re: non-standard output format when hostname is missing - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Mon Nov 16 13:34:07 CET 2015
User: dlang
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26148#p26148
Message:
----------
the hostname is not optional in RFC3164 when sending logs between systems.
It is optional when writing to /dev/log on the local machine
locally the syslog daemon knows it's own hostname, so it can tell if it's
included in the message it's given, but a remote system doesn't know if the
string in that position is supposed to be a hostname or not.
the proper format is
<pri>timestamp hostname tag msg
no space between the > and the timestamp
so the sending system is doing multiple things wrong, see if you can fix it
there, otherwise you will have to fix it up when you forward it (with the
ancient 5.8 all you can do is use a custom template for forwarding)
More information about the rsyslog-notify
mailing list