Using Ubuntu 10.04.4 LTS and Squid3 I want to log to syslog-ng
Edited /etc/squid3/squid.conf and added the following line:
access_log syslog squid
Logs are being written but the program name "squid" is being added in brackets, while for other logs the program name isn't
Jul 25 17:26:23 ubuntuserver kernel:
Jul 25 17:26:24 ubuntuserver named[1231]:
Jul 25 16:17:56 ubuntuserver (squid):
I assume this is squid3 telling syslog-ng "my program name is (squid)" and am unable to find anywhere to configure this differently as I would like to remove the brackets.
In syslog-ng's conf I've had a play with outputting the log and the $PROGRAM macro definitely contains the brackets too, which indicates it is coming from squid as this page indicates the below: http://www.balabit.com/sites/default/files/documents/syslog-ng-admin-guide_en.html/reference_macros.html
PROGRAM: The name of the program sending the message. Note that the
content of the $PROGRAM variable may not be completely trusted as it
is provided by the client program that constructed the message.
How can I remove the brackets?
Best Answer
You can use a rewrite rule to fix up the program name anyway you want it: