Did anyone look already into the syslog format for logs?
I mean, currently the format is: 2024-02-15T20:24:26+01:00 localhost.localdomain docker/mailcowdockerized-postfix-mailcow-1[3533851]: Feb 15 19:24:26 3c42ed76d77d postfix/postscreen[684]: WHITELISTED [198.2.143.244]:4966. The actual application part would be the second “half” of the logs, after the 2nd date field, and this is causing apps like pflogsumm not to be able to process that correctly.
Any help, hint, pointer is welcome!

Thanks!
W.

Yeah, the logging is working fine following that guide.
Was just looking at improving/better managing the actual log content.

The above is the default IETF syslog format, it would be very hard to change that. I suggest looking into your pflogsumm configuration, as something as simple as that should be working.

See signoz.io here

Edit: Your problem is that the message contains the log including the date because the original log is from Docker, I guess you can just filter/ignore that in your software?

Yes, should have phrased that better, maybe: I was checking if someone already managed to “extract” the application log using, possibly, RSyslog templates. 😃
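
One way to do the extraction discussed in this thread outside of rsyslog, as an added example that is not part of any poster's message and not mailcow code: a stdin filter that strips the outer envelope and emits only the inner Postfix line. The envelope layout is assumed from the single sample line quoted above; the function names and every sample line except the first are constructed for illustration.

```python
import re
import sys

# Outer envelope as in the quoted sample (assumed layout): RFC 3339 timestamp,
# host, "docker/<container>[pid]:" tag, then the container's own log line.
OUTER = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\S+)\s+(?P<host>\S+)\s+"
    r"docker/(?P<container>[^\[\s:]+)(?:\[(?P<pid>\d+)\])?:\s(?P<inner>.*)$"
)
# Inner line: traditional syslog header "Mmm dd HH:MM:SS host prog[pid]: msg".
INNER = re.compile(
    r"^[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s\S+\s"
    r"(?P<prog>[^\s\[:]+)(?:\[\d+\])?:\s"
)

def unwrap(line, container_substr="postfix", prog_prefix="postfix/"):
    """Return the inner Postfix syslog line, or None if the line is not one.

    The inner timestamp (container clock) is kept as-is; the outer one,
    which carries the host's UTC offset, is discarded with the envelope.
    """
    outer = OUTER.match(line.rstrip("\n"))
    if not outer or container_substr not in outer.group("container"):
        return None  # not from Docker, or from another container
    inner = outer.group("inner")
    header = INNER.match(inner)
    if not header or not header.group("prog").startswith(prog_prefix):
        return None  # container output that is not a Postfix syslog record
    return inner

def unwrap_all(lines):
    """Filter an iterable of raw lines down to unwrapped Postfix records."""
    return [u for u in map(unwrap, lines) if u is not None]

SAMPLE = [
    # Line quoted in the thread:
    "2024-02-15T20:24:26+01:00 localhost.localdomain docker/mailcowdockerized-postfix-mailcow-1[3533851]: Feb 15 19:24:26 3c42ed76d77d postfix/postscreen[684]: WHITELISTED [198.2.143.244]:4966",
    # Constructed: other container, free-text container output, non-Docker line.
    "2024-02-15T20:24:27+01:00 localhost.localdomain docker/mailcowdockerized-dovecot-mailcow-1[3533852]: Feb 15 19:24:27 aabbccddeeff dovecot: constructed message",
    "2024-02-15T20:24:28+01:00 localhost.localdomain docker/mailcowdockerized-postfix-mailcow-1[3533851]: constructed startup text",
    "2024-02-15T20:24:29+01:00 localhost.localdomain cron[1201]: constructed job line",
]

if __name__ == "__main__":
    for record in unwrap_all(sys.stdin):
        print(record)
```

Run as a script, it reads the wrapped log on stdin and writes the unwrapped records to stdout, so the result can be saved to a file for a log summarizer to read.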