Menu
▾
▴
Re: [Sshguard-users] [syslog-ng] syslog-ng MSGHDR
|
From: Arne R. <arn...@go...> - 2010-01-22 16:03:11
|
As I understand, to use $MSGHDR$MESSAGE with syslog-ng 3.x there has to be a version 3 header in the config file, otherwise it has to be $MESSAGE because of version 2 compatibility. So the version 3 header is missing in the sshguard config example. 2010/1/22 Balazs Scheidler <ba...@ba...>: > On Fri, 2010-01-22 at 09:43 +0100, Mij wrote: >> Dear syslog-ng folks, >> >> I am the maintainer of sshguard, see http://www.sshguard.net . >> Sshguard can be interfaced with syslog-ng. Multiple users of syslog-ng >> recently reported that switching to 3.x required a configuration change >> for preserving the original logging format, see >> >> https://sourceforge.net/mailarchive/forum.php?thread_name=EE040D72-0185-41EB-BECE-DED8C0272EDB%40sshguard.net&forum_name=sshguard-users >> https://sourceforge.net/mailarchive/forum.php?thread_name=DA2160C1-09A0-475D-B32A-AF10B712E403%40sshguard.net&forum_name=sshguard-users >> >> We reflected the reports by updating the setup docs to contain a block >> for the 2.x version and one for 3.x , see >> >> http://www.sshguard.net/docs/setup/getlogs/syslog-ng/ >> >> However, this change is not apparent in your documentation or changelogs, >> and other users reported that with even more recent versions, the "old format" >> is again the correct one. > > syslog-ng can operate in both 2.x compatible mode and 3.x compatible > mode. The '@version' header in the syslog-ng configuration file controls > which one is used. > > If someone has no version header, syslog-ng assumes it wants syslog-ng > 2.x compatibility. > > There was no macro related changes in the 3.0 series and still the > format with the MSGHDR is the correct one. > >> >> Can you clarify what is the intended template for producing entry tags >> of the classic format "Jan 21 12:54:09 examplehost proftpd[18965]: applmsg" >> in the different versions? > > Can you show the user posting that states MSGHDR is the wrong approach > to do? I might be able to help troubleshooting it. > > -- > Bazsi > > > ------------------------------------------------------------------------------ > Throughout its 18-year history, RSA Conference consistently attracts the > world's best and brightest in the field, creating opportunities for Conference > attendees to learn about information security's most important issues through > interactions with peers, luminaries and emerging and established companies. > http://p.sf.net/sfu/rsaconf-dev2dev > _______________________________________________ > Sshguard-users mailing list > Ssh...@li... > https://lists.sourceforge.net/lists/listinfo/sshguard-users > |
