I thought I would record this in case it helps someone (probably future-me).
I have other devices that send to my AX88U as a remote log server. Those include other Asus routers running Asus-Merlin, and they include some devices running syslog-ng (two TrueNAS servers). I've long puzzled why messages sent by syslog-ng end up looking like this:
You can see the normal time stamp, the host and then the full message including the original time stamp.
I found, in order to reformat these messages, I had to invoke the default parser explicitly, break the message apart, and put it back together:
Then I get a more familiar message:
I have other devices that send to my AX88U as a remote log server. Those include other Asus routers running Asus-Merlin, and they include some devices running syslog-ng (two TrueNAS servers). I've long puzzled why messages sent by syslog-ng end up looking like this:
Code:
Jan 30 00:10:00 truenas-main 1 2023-01-30T00:10:00.003185-05:00 truenas-main.local /usr/sbin/cron 22084 - - (root) CMD (/usr/libexec/atrun)
I found, in order to reformat these messages, I had to invoke the default parser explicitly, break the message apart, and put it back together:
Code:
parser {
syslog-parser();
};
template("${R_DATE} ${HOST} ${PROGRAM} ${MESSAGE}\n")
Code:
Feb 26 01:05:00 truenas-main.local /usr/sbin/cron 75743 - - (root) CMD (/usr/libexec/atrun)