<div dir="auto">Yup, I might even add this use case to my latedt application parsers framewrok.</div><div class="gmail_extra"><br><div class="gmail_quote">On Nov 15, 2017 17:57, "Kókai Péter" <<a href="mailto:peter.kokai@balabit.com">peter.kokai@balabit.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello,<div><br></div><div>It would be really useful if you could share it (Y).</div><div><br></div><div>Kokan</div></div><br><div class="gmail_quote"><div dir="ltr">On Wed, Nov 15, 2017 at 5:18 PM Evan Rempel <<a href="mailto:erempel@uvic.ca" target="_blank">erempel@uvic.ca</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div class="m_-6223846521663224332m_755489706249316649moz-cite-prefix">Answered out of band because the
details are messy.<br>
If there is sufficient interest I can clean it up and post it to
the list.</div></div><div text="#000000" bgcolor="#FFFFFF"><div class="m_-6223846521663224332m_755489706249316649moz-cite-prefix"><br>
<br>
Evan.</div></div><div text="#000000" bgcolor="#FFFFFF"><div class="m_-6223846521663224332m_755489706249316649moz-cite-prefix"><br>
<br>
On 11/15/2017 04:26 AM, Scot wrote:<br>
</div></div><div text="#000000" bgcolor="#FFFFFF">
<blockquote type="cite">
<div dir="ltr">Thanks Evan,
<div>Didn't see much in term of cisco documentation of the
format. Is that 1st number in the message header unique to
each message and do you share patterns ?</div>
<div><br>
</div>
<div>Scot</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Nov 14, 2017 at 8:36 PM, Evan
Rempel <span dir="ltr"><<a href="mailto:erempel@uvic.ca" target="_blank">erempel@uvic.ca</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">At our
side we used a patterndb to unwrap the ACS logs into single
long line messages. These long lines seem to be wrapped at
the source (Cisco device) before sending to the syslog
server.<br>
<br>
Evan.
<div>
<div class="m_-6223846521663224332m_755489706249316649h5"><br>
<br>
On 11/14/2017 02:03 PM, Scot wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
Has anyone worked with ACS logs and solved the
message header limit ?<br>
We can get syslog working but as expected the message
gets truncated.<br>
<br>
Local logs on the ACS have the entire payload.<br>
<br>
Thinking there may be a way to script a log fetch or
something.<br>
<br>
Thanks</blockquote>
</div>
</div>
</blockquote>
</div>
</div>
</blockquote>
<p><br>
</p>
</div>
______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
<br>
</blockquote></div>
<br>______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
<br>
<br></blockquote></div></div>