
Syslog not logging remote host

I have a D-Link DIR-825 router which I've configured to log to a syslog server. It's based on Linux, and uses several facilities, so I can only separate its logs by host. This worked well in Snow Leopard, but doesn't work in Mountain Lion. As there's no host (whether IP address or hostname), I can't filter the logs — and they make a mess when viewed in Console.app, which parses the sender as host instead 😟


Am I missing some new configuration, or has the functionality changed?

Mac mini (Late 2012), OS X Mountain Lion (10.8.2), OS X Server

Posted on Dec 3, 2012 6:40 AM


Dec 3, 2012 10:36 AM in response to Linc Davis

The issue is not in receiving log entries. I enabled NetworkListener just fine, like it had been done in Snow Leopard. The issue is in what I get in the log:

Dec 2 21:11:36 kernel: Unknown: 5 cmdlinepart partitions found on MTD device ar7100-nor0
Dec 2 21:11:36 kernel: Creating 5 MTD partitions on "ar7100-nor0":
Dec 2 21:11:36 kernel: 0x00000000-0x00040000 : "uboot"
Dec 2 21:11:36 kernel: 0x00040000-0x00050000 : "Config"
Dec 2 21:11:36 kernel: 0x00050000-0x00150000 : "vmlinux"
Dec 2 21:11:36 kernel: 0x00150000-0x00660000 : "rootfs"
Dec 2 21:11:36 kernel: 0x00660000-0x00670000 : "caldata"
Dec 2 21:11:36 kernel: Unknown: ClusterIP Version 0.8 loaded successfully


As you can see, there's no host information.

I tested further by starting syslogd with -d (for debug):

udp_in: fd 5 recvfrom 192.168.0.1 len 114
asl_input_parse: <30>avahi-daemon[28895]: Joining mDNS multicast group on interface br0.IPv6 with address fe80::218:e7ff:fedf:58c1.
udp_in: fd 5 recvfrom 192.168.0.1 len 66
asl_input_parse: <30>avahi-daemon[28895]: New relevant interface br0.IPv6 for mDNS.
udp_in: fd 5 recvfrom 192.168.0.1 len 101
asl_input_parse: <30>avahi-daemon[28895]: Joining mDNS multicast group on interface br0.IPv4 with address 192.168.0.1.
udp_in: fd 5 recvfrom 192.168.0.1 len 66
asl_input_parse: <30>avahi-daemon[28895]: New relevant interface br0.IPv4 for mDNS.
udp_in: fd 5 recvfrom 192.168.0.1 len 65
asl_input_parse: <30>avahi-daemon[28895]: Network interface enumeration completed.


Debug output is identical to what I get in Snow Leopard.

Dec 3, 2012 11:56 AM in response to Ismo P

I'm sorry, but if you're running Avahi (which conflicts with Bonjour), then you're running a modified operating system, not OS X. I can't help with that. The system log in OS X is a database, which you query by means of syslog(1) commands for full functionality, or in the Console application for partial functionality. The approach of having separate log files for everything is deprecated.

Dec 3, 2012 12:23 PM in response to Linc Davis

Avahi isn't running on the Mac, but on the D-Link router. Those entries are from the router, as received by syslogd running on the Mac, OS X 10.8.


I'll try to clarify the setup here:

The router, a D-Link DIR-825, is running D-Link firmware. It's a system based on the Linux kernel. I configure it to log to a remote syslog server, namely a Mac.

Formerly I directed logging to a Mac running Snow Leopard. I had enabled network logging as has been instructed in many posts here: adding NetworkListener to /System/Library/LaunchDaemons/com.apple.syslogd.plist (by uncommenting the lines):

<key>NetworkListener</key>
<dict>
    <key>SockServiceName</key>
    <string>syslog</string>
    <key>SockType</key>
    <string>dgram</string>
</dict>

Now I have a new Mac Mini running Mountain Lion (OS X 10.8). The above-mentioned plist was in binary format, so I converted it to XML first (plutil -convert xml1) and then added the entry. This enabled syslogd to receive log entries from a remote system.


The problem: in OS X 10.8 the entries lack a host, and thus I can't filter them. Not by means of asl.conf (e.g. ? [ = H 192.168.0.1 ] ), nor in Console.app ("Host is equal to 192.168.0.1"), nor with syslog (e.g. -k Host 192.168.0.1). Even worse, the sender is interpreted as host, so if I try "syslog -k Host kernel:" I get kernel messages from the router.


Also, separate files aren't deprecated by any means yet. syslog.log and many other files exist, using the BSD syslog format. What's written to these is configured in asl.conf, with entries like

# kernel messages get saved in system.log
? [= Sender kernel] file /var/log/system.log mode=0600 gid=80 format=bsd

(above snippet from the OS X 10.8 asl.conf as it is, without me having made any changes)

I'm not concerned about having the log entries in a specific file, just about being able to filter them in Console.app or with the syslog command.

Dec 3, 2012 1:35 PM in response to Linc Davis

That's the problem. Hostname (or IP) isn't there (see log excerpt in earlier post).

Everything works in Snow Leopard, but not in Mountain Lion. Is there some new configuration I need to do to get remote host logged?


Excerpt from "syslog -F raw":

[ASLMessageID 406895] [Time 1354483181] [TimeNanoSec 0] [Level 6] [PID 4294967295] [UID 4294967294] [GID 4294967294] [ReadGID 80] [Host avahi-daemon[29239]:] [Sender Registering new address record for fe80] [Facility daemon] [Message :218:e7ff:fedf:58c1 on br0.*.]

That is, the host is not recorded by syslogd when receiving log entries from the network, and as these are stored in syslog.log in BSD format (as per asl.conf defaults), reading them with the assumption of a hostname causes the sender to be noted as host, with the rest of the line parsed incorrectly as well.


Added excerpt from syslog -F raw command output.

Dec 3, 2012 1:48 PM in response to Ismo P

It seems that syslogd doesn't correctly parse the messages it gets from your device into key-value pairs. If there's anything you can do about that, I don't know what it is. As a workaround, you may be able to use operators in a syslog invocation to get the output you want. For example,


syslog -k Host Aeq avahi


should match the record you posted, if I'm not mistaken. That's the best I can offer.

Jan 2, 2015 6:54 AM in response to Ismo P

I'm very curious if an answer was ever found for this. I'm experiencing the exact same issue with syslog/asl not identifying the source host of a syslog/UDP log entry from a remote router. Enabling syslog debugging in asl.conf, I can see the service knows where the message is coming from, it just doesn't put it into the fields. The following was the result of 'logger foo' from a device at 192.168.7.1 set to log via syslog to my OS X Yosemite log server set to receive UDP messages:

udp_in: fd 5 recvfrom 192.168.7.1 len 30
asl_input_parse: <13>Jan 2 09:47:31 root: foo

Any help appreciated.
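The mechanics described in the two posts above can be reproduced outside syslogd. This is an added example, not code from the thread or from Apple's syslogd: it parses a datagram the way the debug output shows it arriving (PRI, optional timestamp, optional hostname, then "tag: message"), stamps Host from the UDP peer address when the device sends no hostname, and then shows how a BSD-format line written without a host is misread by a host-assuming reader into exactly the Host/Sender/Message split seen in the "syslog -F raw" record. The sample datagram, peer address and timestamp are constructed to mirror the posts; the "token with ':' or '[' is a tag, not a hostname" rule is a heuristic of this example.

```python
import re

# Constructed sample, modelled on the syslogd -d output in the thread: the
# router sends <PRI>tag[pid]: message with no timestamp and no hostname.
ROUTER_DATAGRAM = (b"<30>avahi-daemon[29239]: Registering new address record "
                   b"for fe80::218:e7ff:fedf:58c1 on br0.*.")
ROUTER_ADDR = "192.168.0.1"   # what recvfrom() reports for the datagram

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
# BSD timestamp: "Dec  2 21:11:36 " (space-padded day) or "Jan 2 09:47:31 "
TS_RE = re.compile(r"^[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d ")


def parse_datagram(raw: bytes, src_ip: str) -> dict:
    """Split an RFC 3164 datagram into ASL-style fields. When the sender
    omits the HEADER hostname, Host is taken from the UDP peer address,
    which is the information the thread says syslogd has but discards."""
    m = PRI_RE.match(raw.decode("utf-8", "replace"))
    if not m:
        raise ValueError("datagram has no <PRI> prefix")
    pri, body = int(m.group(1)), m.group(2)
    host = None
    ts = TS_RE.match(body)
    if ts:
        body = body[ts.end():]
        first, _, remainder = body.partition(" ")
        # Heuristic (this example's, not RFC text): a hostname never carries
        # ':' or '[', so such a token is the TAG and the hostname is absent.
        if first and not any(c in first for c in ":["):
            host, body = first, remainder
    tag, _, msg = body.partition(":")
    return {"Facility": pri >> 3, "Level": pri & 7,
            "Host": host or src_ip, "Sender": tag, "Message": msg.lstrip()}


def write_bsd_without_host(record: dict, when: str) -> str:
    """Render the record as 'Mon dd hh:mm:ss tag: message', i.e. the BSD
    line the thread says 10.8 syslogd wrote for network input (no host)."""
    return f"{when} {record['Sender']}: {record['Message']}"


def read_bsd_assuming_host(line: str) -> dict:
    """Read a BSD line the way a host-assuming reader does: timestamp, then
    host, then 'sender: message'. Without a host column the tag becomes
    Host and the message is split at its first ':' (the fe80:: address)."""
    ts = TS_RE.match(line)
    if not ts:
        raise ValueError("line has no BSD timestamp")
    host, _, rest = line[ts.end():].partition(" ")
    sender, _, msg = rest.partition(":")
    return {"Host": host, "Sender": sender, "Message": msg}
```

Running read_bsd_assuming_host over write_bsd_without_host(parse_datagram(ROUTER_DATAGRAM, ROUTER_ADDR), "Dec  2 21:19:41") yields Host "avahi-daemon[29239]:", Sender "Registering new address record for fe80" and Message ":218:e7ff:fedf:58c1 on br0.*.", the same corruption as the raw record; keeping the peer address as Host at receive time is what avoids it.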

Dec 17, 2015 2:04 PM in response to JZ0

I struggled with this for a very long time, on Yosemite, with the exact same problem.

My solution, which is working perfectly, was to revert the OS X syslogd config back to stock and install rsyslogd (with Homebrew it can be done in one command: brew install rsyslogd).

After that I merely set up a simple rsyslog.conf, created a plist file for it and added it with launchctl, and messages, WITH host names, began flowing in.


See http://ghost.synfin.org/2015/12/16/osx-as-syslog-server/ for a brief write up I made on this very subject.
