m-kress
commented
6 months ago Do you have an example, what syslog message sent to /dev/log gets ignored?
The only doc regarding the syntax seems to be the code. What exactly is the issue?
Open l29ah opened 7 months ago
m-kress
commented
6 months ago Do you have an example, what syslog message sent to /dev/log gets ignored?
The only doc regarding the syntax seems to be the code. What exactly is the issue?
l29ah
commented
6 months ago My real issue is https://github.com/haskell-hvr/hslogger/issues/17 (that is also not-RFC5424 tho). I don't have an example at hand rn.
m-kress
commented
6 months ago It would be very helpful having an example that works with syslog-ng and not with metalog. In metalog.c that line might get eliminated in parseLogLine()
l29ah
commented
6 months ago Built an example from that issue report, it yields this in strace: [pid 5717] sendto(16, "<11>: [/ERROR] This won't show up with metalog.\0", 48, 0, NULL, 0) = 48.
m-kress
commented
6 months ago It seems as metalog expects a ":" after the [xyz], e.g.
<11>: [/ERROR]: This might show up with metalog Obviously metalog has been loosely written for RFC3164 (BSD syslog).l29ah
commented
6 months ago Adding a ":" doesn't change the behavior it seems.
m-kress
commented
2 months ago You could test again with ": " (space after colon). Metalog works like described in RFC3164, not like the predecessor RFC5424. Please also look at the other issue https://github.com/hvisage/metalog/issues/32
metalog seems to ignore syslog messages sent to /dev/log that satisfy the RFC.
Is there a doc on what kind of syntax does metalog actually expect?