<p dir="ltr">Can you publish those publicly as well? Building something into syslog-ng to do this out of the box is also in my plans, and when I get there this info would be useful.</p>
<p dir="ltr">Thanks</p>
<div class="gmail_quote">On Jun 9, 2016 16:14, "Evan Rempel" <<a href="mailto:erempel@uvic.ca">erempel@uvic.ca</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>*RANT ON*<br>
<br>
cisco logging is the worst. For instance, the * at the beginning
of the line indicates that the clock on the device is not
synchronized with an external time clock. Great news, cisco, but now
it is not a valid time stamp!<br>
<br>
*RANT OFF*<br>
<br>
We use a pattern database to rewrite poor logs prior to doing
anything else with the logs.<br>
There also is not a valid program name in this syslog line, so we
take the %XXXX-N-YYYY: part of the line and turn it into a program
name of cisco_XXXX<br>
<br>
One of our transformed lines of the same kind looks like<br>
<br>
<br>
2016-06-09T07:17:23-07:00 device.hostname.domain local7.notice
cisco_LINEPROTO: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet1/0/4, changed state to up<br>
<br>
If you are interested in this contact me off-list and I can
provide the rewrite pattern database and the syslog-ng
configuration snippet that uses it.<br>
We also have rewrites for netapp, ddn disk, zone minder, Intel
True Scale switches and OpenManage Server Administrator.<br>
<br>
Evan.<br>
<br>
<br>
On 06/09/2016 02:59 AM, Nutan Shinde wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div>Following is the syslog message received from a Cisco router:</div>
<div><br>
</div>
<div><span style="background-color:rgb(153,153,153)">*Mar 1
09:30:25.249 UTC: %LINEPROTO-5-UPDOWN: Line protocol on
Interface Tunnel2, changed state to down</span><br>
</div>
<div><br>
</div>
<div>As you can see, UTC is included in the above timestamp.
That is why the value of $PROGRAM is UTC and $MSGONLY is
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel2,
changed state to down.</div>
<div><br>
</div>
<div>What should I include in the syslog-ng.conf so that time
zone is ignored?</div>
</div>
<br>
<br>
<pre>______________________________________________________________________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<br>
<p><br>
</p>
<pre cols="500">--
Evan Rempel</pre>
</div>
<br></blockquote></div>
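<p>An added illustration of the rewrite discussed in this thread, written in Python; it is not part of the original messages and is not Evan's pattern database or syslog-ng configuration. It parses the raw Cisco line, keeps the unsynchronized-clock marker as a field instead of letting it break the timestamp, and derives a cisco_XXXX program name; the function name, the field names and the caller-supplied year (the device timestamp carries none) are assumptions.</p>

```python
import re
from datetime import datetime, timezone

# A leading "*" (as described in the thread) or "." marks a device clock
# that is not synchronized; the zone abbreviation after the time is optional.
CISCO_LINE = re.compile(
    r"^(?P<flag>[*.])?"
    r"(?P<stamp>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})(?:\.(?P<frac>\d+))?"
    r"(?:\s+(?P<tz>[A-Z]{2,5}))?:\s+"
    r"(?P<msg>%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):.*)$"
)

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Only UTC is mapped here; other abbreviations are ambiguous and stay unresolved.
KNOWN_ZONES = {"UTC": timezone.utc}


def normalize_cisco(line, year):
    """Return normalized fields for a Cisco-style line, or None if it does not match."""
    m = CISCO_LINE.match(line.strip())
    if m is None:
        return None  # not a Cisco %FAC-N-MNEMONIC line: leave it untouched
    stamp = re.sub(r"\s+", " ", m["stamp"])
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    if m["frac"]:
        ts = ts.replace(microsecond=int(m["frac"][:6].ljust(6, "0")))
    ts = ts.replace(tzinfo=KNOWN_ZONES.get(m["tz"]))  # naive if zone unknown
    return {
        "timestamp": ts.isoformat(),
        # Keep the marker: an unsynchronized clock matters when correlating events.
        "clock_synced": m["flag"] is None,
        "program": "cisco_" + m["facility"],
        "severity": SEVERITIES[int(m["severity"])],
        "message": m["msg"],
    }


# The message quoted in the thread, used as sample input.
SAMPLE = ("*Mar 1 09:30:25.249 UTC: %LINEPROTO-5-UPDOWN: Line protocol on "
          "Interface Tunnel2, changed state to down")

if __name__ == "__main__":
    print(normalize_cisco(SAMPLE, 2016))
```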