syslog tag not properly included when writing to unix socket

Which version(s) of Ubuntu does this happen on? What version of Ubuntu are you using? Are you using a PPA?

I got the same bug.

Although I'm using a compiled version of nginx, that might help fix the issue on future releases. I'm using Ubuntu 14.04.1 LTS

nginx sends the package as described in the RFC 3164.

<PRI>HEADER MSG

What happens is the unix rsyslog module generates a new HEADER no matter what the message it gets and removes the timestamp from the header that was sent by the socket client but it doesn't remove the hostname.

So basically what happens is:

Original Message: TIMESTAMP HOSTNAME MSG
Rsyslog adds a new header in the beggining: TIMESTAMP1 HOSTNAME1 TIMESTAMP2 HOSTNAME2 MSG
Then removes the timestamp that was sent by the socket client: TIMESTAMP1 HOSTNAME1 HOSTNAME2 MSG

I'm using nginx 1.7.7. The current version on Ubuntu (1.4.6) doesn't even have syslog support.

Since I'm using a compiled version and only using unix socket (because nginx 1.7.7 doesn't support syslog with TCP) I applied a patch that removes the hostname from nginx syslog message.

I am using also a compiled version of 1.7.7, I switched to UDP/TCP logging to make this work.

Is there any way to change the tag while still sending to /dev/log?

We are using nginx-1.8.0-1 from official nginx repository:

deb http://nginx.org/packages/ubuntu/ trusty nginx

We can confirm this issue, which affects nginx configured unix socket syslog. Please fix it.

@Mihaly:

I'll leave this confirmed, but **this project does not track the nginx.org repository.** Bugs in there go onto NGINX Trac - https://trac.nginx.org/nginx/

All: Please refer to https://trac.nginx.org/nginx/ticket/783. To quote the ticket:

Closing as a duplicate of https://trac.nginx.org/nginx/ticket/677.
See details there.
With syslog-ng, just add flags(expect-hostname) to the corresponding source:
expect-hostname: If the expect-hostname flag is enabled, syslog-ng OSE will assume that the log message contains a hostname and parse the message accordingly. This is the default behavior for TCP sources. Note that pipe sources use the no-hostname flag by default.

----

This is listed upstream as "Not a Bug" and is instead mentioned that you should refer to rsyslog configuration. As a result of Upstream marking this 'not a bug' and closing the dupe ticket as 'works for me', I am closing this ticket. (The exact wording of this ticket was marked as a duplicate, and then that duplicate was closed).