Transparent format with transparentFormatRemoveHeader enabled not working as expected

[Shorty110]

Hi,

in reference to issue #27, the transparent output does not seem to work as expected. I have configured the message format as "transparent" and enabled "Remove Header" but the output appends the graylog hostname to the message. I test with a syslog input and the test command "echo "<86>_sourcehost_ messagetext86" | nc -v -w 0 localhost 1514" from the readme. The message is ingested correctly:

The output sends this: <14>Mar 24 11:02:12 <graylog_fqdn> _sourcehost_ messagetext86 but I would like it to be: <14>Mar 24 11:02:12 _sourcehost_ messagetext86

I'm using graylog 2.5.1 and tried version 3.3.0 and 2.5.1 of the output plugin.

Can you please advise? Thank you.

[huksley]

Apologies for a delay. Not sure what is the expectations you are having.

As far as I understand, when syslog-ng or whatever, receives message over syslog TCP/UPD they mark it as coming from graylog server (i.e. source)

So probably this need to be configured on syslog-ng side. If you solved this problem, please share the solution, thanks!