© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
I got the same bug.
Although I'm using a compiled version of nginx, that might help fix the issue on future releases. I'm using Ubuntu 14.04.1 LTS
nginx sends the package as described in the RFC 3164.
<PRI>HEADER MSG
What happens is the unix rsyslog module generates a new HEADER no matter what the message it gets and removes the timestamp from the header that was sent by the socket client but it doesn't remove the hostname.
So basically what happens is:
Original Message: TIMESTAMP HOSTNAME MSG
Rsyslog adds a new header in the beggining: TIMESTAMP1 HOSTNAME1 TIMESTAMP2 HOSTNAME2 MSG
Then removes the timestamp that was sent by the socket client: TIMESTAMP1 HOSTNAME1 HOSTNAME2 MSG
I'm using nginx 1.7.7. The current version on Ubuntu (1.4.6) doesn't even have syslog support.
Since I'm using a compiled version and only using unix socket (because nginx 1.7.7 doesn't support syslog with TCP) I applied a patch that removes the hostname from nginx syslog message.