Menu
▾
▴
Re: [Sshguard-users] [syslog-ng] syslog-ng MSGHDR
|
From: Balazs S. <ba...@ba...> - 2010-01-22 10:48:55
|
On Fri, 2010-01-22 at 09:43 +0100, Mij wrote: > Dear syslog-ng folks, > > I am the maintainer of sshguard, see http://www.sshguard.net . > Sshguard can be interfaced with syslog-ng. Multiple users of syslog-ng > recently reported that switching to 3.x required a configuration change > for preserving the original logging format, see > > https://sourceforge.net/mailarchive/forum.php?thread_name=EE040D72-0185-41EB-BECE-DED8C0272EDB%40sshguard.net&forum_name=sshguard-users > https://sourceforge.net/mailarchive/forum.php?thread_name=DA2160C1-09A0-475D-B32A-AF10B712E403%40sshguard.net&forum_name=sshguard-users > > We reflected the reports by updating the setup docs to contain a block > for the 2.x version and one for 3.x , see > > http://www.sshguard.net/docs/setup/getlogs/syslog-ng/ > > However, this change is not apparent in your documentation or changelogs, > and other users reported that with even more recent versions, the "old format" > is again the correct one. syslog-ng can operate in both 2.x compatible mode and 3.x compatible mode. The '@version' header in the syslog-ng configuration file controls which one is used. If someone has no version header, syslog-ng assumes it wants syslog-ng 2.x compatibility. There was no macro related changes in the 3.0 series and still the format with the MSGHDR is the correct one. > > Can you clarify what is the intended template for producing entry tags > of the classic format "Jan 21 12:54:09 examplehost proftpd[18965]: applmsg" > in the different versions? Can you show the user posting that states MSGHDR is the wrong approach to do? I might be able to help troubleshooting it. -- Bazsi |
