[syslog-ng] Invalid parsing of syslog messages having timezone

Scheidler, Balázs balazs.scheidler at balabit.com
Fri Jun 10 09:02:38 CEST 2016


Can you publish those publicly as well? Building something into syslog-ng
to do this out of the box is also in my plans, and when I get there this
info would be useful.

Thanks
On Jun 9, 2016 16:14, "Evan Rempel" <erempel at uvic.ca> wrote:

> *RANT ON*
>
> cisco logging is the worst. For instance, the * at the beginning of the
> line indicates that the clock on the device is not synchronized with an
> external time clock. Great news cisco, but now it is not a valid time stamp!
>
> *RANT OFF*
>
> We use a pattern database to rewrite poor logs prior to doing anything
> else with the logs.
> There also is not a valid program name in this syslog line, so we take the
> %XXXX-N-YYYY: part of the line and turn it into a program name of cisco_XXXX
>
> One of our transformed lines of the same kind looks like
>
>
> 2016-06-09T07:17:23-07:00 device.hostname.domain local7.notice
> cisco_LINEPROTO: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> GigabitEthernet1/0/4, changed state to up
>
> If you are interested in this contact me off-list and I can provide the
> rewrite pattern database and the syslog-ng configuration snippet that uses
> it.
> We also have rewrites for netapp, ddn disk, zone minder, Intel True Scale
> switches and OpenManage Server Administrator.
>
> Evan.
>
>
> On 06/09/2016 02:59 AM, Nutan Shinde wrote:
>
> Hi,
>
> Following is the syslog message received from Cisco router :
>
> *Mar  1 09:30:25.249 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> Tunnel2, changed state to down
>
> As you can see, UTC is included in the above timestamp. That is why value
> of $PROGRAM is UTC and $MSGONLY is %LINEPROTO-5-UPDOWN: Line protocol on
> Interface Tunnel2, changed state to down.
>
> What should I include in the syslog-ng.conf so that time zone is ignored?
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
> --
> Evan Rempel
>
>
>
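The rewrite Evan describes above (dropping the `*` clock marker and the timezone token, and deriving a `cisco_XXXX` program name from the `%XXXX-N-YYYY:` tag), sketched as an added Python example. It is not code from the thread or from syslog-ng; the function name, the returned field names and the caller-supplied year are assumptions.

```python
import re
from datetime import datetime, timezone

# Syslog severity names; the N in %XXXX-N-YYYY is assumed to use the same 0-7 scale.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Optional "*" (clock not synchronized), "Mon D HH:MM:SS[.mmm]", optional
# timezone token, then the "%FACILITY-SEVERITY-MNEMONIC: text" payload.
CISCO_RE = re.compile(
    r"^(?P<unsynced>\*)?"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})(?:\.(?P<ms>\d{1,3}))?"
    r"(?:\s+(?P<tz>[A-Z]{2,5}))?:\s+"
    r"(?P<msg>%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-[A-Z0-9_]+:\s.*)$"
)

def normalize_cisco(line, year):
    """Return normalized fields for one Cisco-style line, or None if it does not match.

    `year` is supplied by the caller (assumption): the device timestamp carries none.
    """
    m = CISCO_RE.match(line.strip())
    if m is None:
        return None
    try:
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    except ValueError:  # e.g. an impossible date such as "Feb 30"
        return None
    ts = ts.replace(microsecond=int((m["ms"] or "0").ljust(3, "0")) * 1000)
    if m["tz"] == "UTC":
        ts = ts.replace(tzinfo=timezone.utc)  # other abbreviations are ambiguous: no offset
    return {
        "timestamp": ts.isoformat(timespec="milliseconds"),
        "clock_synced": m["unsynced"] is None,
        "program": "cisco_" + m["facility"],
        "severity": SEVERITIES[int(m["sev"])],
        "message": m["msg"],
    }

# The message quoted in the thread, joined onto one line.
SAMPLE = ("*Mar  1 09:30:25.249 UTC: %LINEPROTO-5-UPDOWN: Line protocol on "
          "Interface Tunnel2, changed state to down")

if __name__ == "__main__":
    print(normalize_cisco(SAMPLE, 2016))
```

Keeping the `*` as a `clock_synced` field rather than discarding it preserves the device's own signal that the timestamp may not be trustworthy.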