syslog format question

Question

syslog format question

Closed this issue a year ago · 2 comments

Hello, i have one question.

I did following configuration with latest commit from master branch for tac_plus-ng.

log dosyslog { 
        destination = 10.10.10.100:514
        syslog facility = local6
        syslog level = debug
        authentication format = "MARKER ${nas}|${user}|${port}|${nac}|${action} ${hint}"
}

authentication log = dosyslog

But I don't see on remote side | in syslog packets.
But if i change destination to destination = syslog in this case everything fine on local syslog.

Any hint of how solve my issue (I need to send logs just like tac_plus did) ?

Answer 1 · 2023-06-13T11:30:19.000Z

Hi Andrej,

I just gave your config snippet a copy-paste try, seems to work for me, almost fine ("authentication format" needs to be prefixed with <${priority}> to keep the packets compliant to the standard). tcpdump displayed the expected over-the-wire format (with "|" separating the fields).

Did you provide your complete logging configuration or are there any other logging statements that might have a side effect and could help me to reproduce the issue?

Cheers,

Marc

Answer 2 · 2023-06-14T08:41:47.000Z

Hello Marc.
Yes, you were right. I looked at tcpdump one more time and now it's clear that messages arrive correctly in the syslog collector itself, but in result syslog wrote it not as expected (i think some kind on filtering).

Sorry to bother you!