0
votes

I am creating a syslog formatted message according to RFC3164 and sending it to my Linux default syslog server, which is listening on port 514.

The message I am sending is

<187>Nov 19 02:58:57 nms-server6 %cgmesh-2-outage: Outage detected on this device

I open a socket, make a datagram packet and send this packet on that socket.

Now in /var/log/syslog.log, which I have configured to receive all the syslog messages as *.* /var/log/syslog.log

I am getting this extra hostname inserted by the server automatically, as shown below

Nov 19 02:58:57 nms-server6 nms-server6 %cgmesh-2-outage: Outage detected on this device

As you see, nms-server6 is getting repeated twice while I am sending it just once, so somehow the server is inserting it by default. Can someone share some knowledge on this?

1
Might depend on the implementation. What syslog server is running on your Linux server? - gravyface

1 Answer

0
votes

Are you adding the hostname in your message? If so, I don't think that's necessary as the hostname will be taken from the packet - which would explain the duplication.

Also, as a side note - it's nice that you've added the %fac-sev-mnemonic: portion, but that is not a standard, it's used by Cisco devices.

Here's a link to a good whitepaper that covers Cisco Mnemonics (and syslog management): Building Scalable Syslog Management Solutions: http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html
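The duplication discussed above can be reproduced offline. This is an added example, not code from the question or the answer; the function names are hypothetical, and the two receiver behaviours are models: one takes the host from the packet source and keeps everything after the timestamp as message text, the other reads HOSTNAME from the header as RFC 3164 lays it out.

```python
import re

# Constructed input: the datagram payload quoted in the question.
SAMPLE = ("<187>Nov 19 02:58:57 nms-server6 "
          "%cgmesh-2-outage: Outage detected on this device")

# <PRI> followed by the RFC 3164 TIMESTAMP ("Mmm dd hh:mm:ss").
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<rest>.*)$", re.S)

def split_pri(pri):
    """PRI = facility * 8 + severity; returns (facility, severity)."""
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range")
    return divmod(pri, 8)

def parse(payload):
    """Return (facility, severity, timestamp, text after the timestamp)."""
    m = HEADER.match(payload)
    if m is None:
        raise ValueError("no valid PRI/TIMESTAMP header")
    facility, severity = split_pri(int(m["pri"]))
    return facility, severity, m["ts"], m["rest"]

def build(pri, ts, body, hostname=None):
    """Sender side: HOSTNAME is only written when one is given."""
    host = f"{hostname} " if hostname else ""
    return f"<{pri}>{ts} {host}{body}"

def log_line_source_host(payload, source_host):
    """Model A (assumption): host comes from the packet's source address,
    everything after TIMESTAMP is logged as message text."""
    _, _, ts, rest = parse(payload)
    return f"{ts} {source_host} {rest}"

def log_line_header_host(payload):
    """Model B: the first token after TIMESTAMP is taken as HOSTNAME."""
    _, _, ts, rest = parse(payload)
    host, _, msg = rest.partition(" ")
    return f"{ts} {host} {msg}"

if __name__ == "__main__":
    print(split_pri(187))                                # facility, severity
    print(log_line_source_host(SAMPLE, "nms-server6"))   # hostname twice
    print(log_line_header_host(SAMPLE))                  # hostname once
    bare = build(187, "Nov 19 02:58:57", "%cgmesh-2-outage: Outage detected")
    print(log_line_header_host(bare))                    # tag read as host
```

Dropping the hostname fixes the output for a model A receiver, but a model B receiver then reads the first word of the message as the host, so the choice has to match the syslog daemon actually in use.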