Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

syslog ng tcp tls #4856

Open
milank78git opened this issue Mar 18, 2024 · 1 comment
Open

syslog ng tcp tls #4856

milank78git opened this issue Mar 18, 2024 · 1 comment
Labels
question

Comments

@milank78git
Copy link

Version of syslog-ng server 3.18

k8s

have set up a syslog-ng server on TCP TLS, and additional parameters started appearing in my messages. 192.168.219.196 335 <30>1 2024-03-18T15:13:41.000000+01:00 Nas-1 audit_protocol 6691 - - S-1-5-21- ........

What is 192.168.219.196 335 <30>1

Unfortunately, I'm having trouble deciphering what they are.

Pls help

Thanks.
@bazsi
Copy link
Collaborator

bazsi commented Apr 3, 2024

the syslog-ng config you are using would be helpful. The message you are receiving is in the RFC5424 format, with octet counted messages, that's the 335 in front of the message itself.

You are probably using the incorrect source driver, e.g. you should be using syslog(transport(tls)) which will parse this format correctly.

Another question is what kind of destination are you using for the output? The config would help here similarly.

@MrAnno MrAnno added question and removed bug labels May 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bazsi @MrAnno @milank78git