<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <meta name="generator" content="Osso Notes">
    <title></title></head>
<body>
<p>The best would be to write a Cisco mnemonic parser that would transform that stuff to name-value pairs.
<br>
<br>Also, we've used the program name portion in patterndb to parse those out. IIRC it starts with %.
<br>
<br>----- Original message -----
<br>&gt; 
<br>&gt; Does anyone have a prebuilt set of patterns/rewrite rules to rewrite all
<br>&gt; Cisco logs into something that is a little more compliant?
<br>&gt; 
<br>&gt; We are trying to use a master pattern database to identify/classify
<br>&gt; messages, but the Cisco logs don't have usable "program names" so the
<br>&gt; pattern database can't even get started :-(
<br>&gt; 
<br>&gt; Thanks for any pointers.
<br>&gt; 
<br>&gt; -- 
<br>&gt; Evan
<br><br></p>
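<p>The mnemonic parser suggested in the reply, as an added example (not code from the thread or from syslog-ng). It assumes the %FACILITY[-SUBFACILITY]-SEVERITY-MNEMONIC: text layout; the function name, the cisco.* keys and the sample lines are constructed for illustration.</p>
<pre>
```python
import re

MAX_LEN = 8192  # bound the work done on oversized or hostile input

# Cisco severity digit (0-7) mapped to the syslog level name
SEVERITY = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

# %FACILITY[-SUBFACILITY...]-SEVERITY-MNEMONIC: free text
MNEMONIC_RE = re.compile(
    r"%([A-Z][A-Z0-9_]*)"       # 1: facility, reused as the program name
    r"((?:-[A-Z][A-Z0-9_]*)*)"  # 2: optional sub-facilities (start with a letter)
    r"-([0-7])"                 # 3: severity digit
    r"-([A-Z0-9_]+)"            # 4: mnemonic (numeric on some platforms)
    r":[ \t]*(.*)$",            # 5: message text, kept as one opaque value
    re.DOTALL,
)
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")


def parse_cisco(line):
    """Return name-value pairs for a Cisco-style message, or None if no match."""
    line = line[:MAX_LEN].rstrip("\r\n")
    m = MNEMONIC_RE.search(line)  # header before the % varies, so search for it
    if m is None:
        return None
    facility, sub, sev, mnemonic, text = m.groups()
    return {
        "PROGRAM": facility,  # gives patterndb a program name to key on
        "cisco.facility": facility,
        "cisco.subfacility": sub.lstrip("-"),
        "cisco.severity": sev,
        "cisco.severity_name": SEVERITY[int(sev)],
        "cisco.mnemonic": mnemonic,
        # device-supplied text: neutralise control characters before storing
        "MESSAGE": CONTROL_RE.sub(" ", text),
    }


# Constructed sample lines (not taken from the thread)
SAMPLES = [
    "45: *Mar  1 00:01:23.456: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)",
    "%ASA-6-302013: Built outbound TCP connection 1234 for outside:198.51.100.7/443",
    "Mar  1 00:02:00: %PM-SP-4-ERR_DISABLE: bpduguard error detected on Gi1/0/3",
    "sshd[411]: Accepted publickey for root",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_cisco(sample))
```
</pre>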
</body>
</html>