Hey Bazsi,<br><br>Thanks for the quick reply, great job/service.<br><br>Unforturnately it still doesnt work with the config i pasted:<br>--<br>Jan 19 13:13:45 <hostname> : Jan 19 13:13:44: %SYS-5-CONFIG_I: Configured from console by <username> on vty0 (<ip>)<br>
--<br><br>Martin<br><br><div class="gmail_quote">2010/1/19 Balazs Scheidler <span dir="ltr"><<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im">On Tue, 2010-01-19 at 11:08 +0100, Marty Sørensen wrote:<br>
> Hello ....<br>
><br>
> New user to syslog-ng but still hoping someone can help me with a<br>
> small config example<br>
><br>
> Im forwarding syslog from my syslog-ng but when it arrives it has<br>
> double timestamps/hostname:<br>
> --<br>
> Jan 19 11:02:58 cut-hostname 10.229.5.2 32176: Jan 19 11:02:57: %<br>
> SFF8472-5-THRESHOLD_VIOLATION<br>
> --<br>
<br>
</div>Your Cisco gear is including sequence number in the timestamp which<br>
syslog-ng doesn't recognize.<br>
<br>
That's the "32176: " prefix before the 2nd timestamp. If you disable<br>
that, it'll work.<br>
<br>
I'm planning to add support for this field in the future.<br>
<font color="#888888"><br>
<br>
--<br>
Bazsi<br>
<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.campin.net/syslog-ng/faq.html" target="_blank">http://www.campin.net/syslog-ng/faq.html</a><br>
<br>
</font></blockquote></div><br>