Many thanks to all, It is healthy discussion to not how we can alter syslog-ng.conf and apparently not need to run suseconfig in 10.2. Yes the documentation mentions nothing about editing the files content and the need (prior to 10.2) to make the change permanent. It is also difficult to apply logic when you go from the documentation to the default syslog-ng.conf file. In essence the current syslog-ng.conf is syntax inverse to that of the docs. Defining the destination line first before the source as seen in syslog-ng.conf really screws with your logic when you are trying to learn. Hopefully there will be a review of the syslog-ng/docs soon. Its a bit messy in that directory. With respect to data formatting, yes you are correct. I firstly need raw data and I will learn more 1 step at a time. Thanks to all for the commitment in their time - I will let you know how I get on. Once I get the corrected - This will permit me to get rid of my dependants on a MS$ PC, just to view that raw data in real time - more on that later. Cheers and Good Day 11:20 GMT +10 Darryl Gregorash wrote:
On 2007-05-20 11:17, Carlos E. R. wrote:
The Sunday 2007-05-20 at 09:06 -0600, Darryl Gregorash wrote:
I don't think that's possible. The data is timestamped and formatted locally by the daemon. But I haven't tried, anyway.
Actually, you can format the log file almost any way you want it, otherwise I suspect you get a default format. See
I wasn't much aware of that, but I understand he wants it "raw", not formatted; or rather, in the format that the remote machine sends the messages.
I am certain Jan Englehardt or someone posted all that stuff some time ago, perhaps in response to the OP's original query on this.
He posted the raw format of one of the messages, but I forget what it was, and am not really inclined to go looking. The thing Scott (OP) needs to do now is just let it run, look at the format of the output log file, and start adjusting his syslog-ng.conf until he gets what he wants. Alternatively, he can use the various commands in the documentation to experiment right from the start, without trying the default format to see if it is what he wants.
First things first, though -- he has to get his conf file right.