Hello all,
I am receiving the following syslog line from one of my devices.
<134>1 1588062776.725141502 C0493 flows allow src=10.0.31.145 dst=9.9.9.9 Mac=F1:37:59:38:BA:F8 protocol=udp sport=50307 dport=53
This line contains a version field immediately following the priority, and the timestamp is in epoch format rather than ISO 8601 or another standard format.
I see the following error in syslog-ng log:
[2020-04-28T10:46:15.340911] Outgoing message; message='Apr 28 10:46:15 ip-172-31-240-95 syslog-ng[27873]: Error processing log message: <134>1>@< 1588062776.725141502 C0493 flows allow src=10.0.31.145 dst=9.9.9.9 mac=F1:37:59:38:BA:F8 protocol=udp sport=50307 dport=53'
What could be the possible issue here?
My config is as follows:
##========================================
########################
# Global options
########################
options {keep_hostname (yes); use_dns (no); mark-freq(30);};
########################
# Sources
########################
source s_syslog {
    syslog(
        transport(udp)
        port(514)
        max-connections(500)
    );
};
########################
# Destinations
########################
destination d_file {
    file("/var/log/dump.log");
};
########################
# Log paths
########################
log {
    source(s_syslog);
    destination(d_file);
    flags(flow-control);
};
##========================================
If I check my file /var/log/dump.log, I see that the error line is getting written to it too.
root@ip-172-31-240-95:~# tail -f /var/log/dump.log | grep "Error processing"
Apr 28 10:44:46 ip-172-31-240-95 syslog-ng[27873]: Error processing log message: <134>1>@< 1588062776.725141502 C0493 flows allow src=10.0.31.145 dst=9.9.9.9 mac=F1:37:59:38:BA:F8 protocol=udp sport=50307 dport=53
Apr 28 10:46:15 ip-172-31-240-95 syslog-ng[27873]: Error processing log message: <134>1>@< 1588062776.725141502 C0493 flows allow src=10.0.31.145 dst=9.9.9.9 mac=F1:37:59:38:BA:F8 protocol=udp sport=50307 dport=53
Thanks
Raghu
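An added example, not part of the original post or of syslog-ng: a small Python checker for the line format described above. RFC 5424 requires that the field after PRI and VERSION be either an RFC 3339 timestamp or the nil value "-", so a line that carries an epoch value there is not a valid RFC 5424 message even though it starts like one. The code below classifies the timestamp, converts an epoch timestamp to ISO 8601 (UTC), splits the PRI into facility and severity, and pulls the key=value fields out of the message body. The sample line is constructed after the one quoted in the post; the function and variable names are my own.

```python
import re
from datetime import datetime, timezone

# Constructed sample line, modelled on the one quoted in the post (not a real capture).
SAMPLE = ("<134>1 1588062776.725141502 C0493 flows allow src=10.0.31.145 "
          "dst=9.9.9.9 Mac=F1:37:59:38:BA:F8 protocol=udp sport=50307 dport=53")

# RFC 5424 header shape: PRI VERSION SP TIMESTAMP SP HOSTNAME SP rest-of-message.
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>[1-9]\d?) (?P<ts>\S+) (?P<host>\S+) (?P<rest>.*)$")
# The RFC 3339 form RFC 5424 mandates for TIMESTAMP (fraction of at most 6 digits).
RFC3339 = re.compile(
    r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{1,6})?(Z|[+-]\d{2}:\d{2})$")
# Seconds since the epoch, optionally with a fractional part (what the device sends).
EPOCH = re.compile(r"^(?P<sec>\d{9,10})(\.(?P<frac>\d+))?$")
# key=value token as found in the message body.
KV = re.compile(r"^([A-Za-z][\w.-]*)=(\S*)$")


def classify_timestamp(ts):
    """Return 'nil', 'rfc3339', 'epoch' or 'unknown' for the TIMESTAMP field."""
    if ts == "-":
        return "nil"
    if RFC3339.match(ts):
        return "rfc3339"
    if EPOCH.match(ts):
        return "epoch"
    return "unknown"


def epoch_to_iso(ts):
    """Convert an epoch timestamp to ISO 8601 in UTC, keeping the full fraction."""
    m = EPOCH.match(ts)
    if not m:
        raise ValueError("not an epoch timestamp: %r" % ts)
    dt = datetime.fromtimestamp(int(m["sec"]), tz=timezone.utc)
    frac = "." + m["frac"] if m["frac"] else ""
    return dt.strftime("%Y-%m-%dT%H:%M:%S") + frac + "Z"


def is_strict_rfc5424(line):
    """True only if the header parses and the TIMESTAMP is RFC 3339 or '-'."""
    m = HEADER.match(line)
    return bool(m) and classify_timestamp(m["ts"]) in ("rfc3339", "nil")


def parse_line(line):
    """Parse the device's RFC 5424-like line into a dict, tolerating epoch timestamps."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("no RFC 5424-style header: %r" % line)
    pri = int(m["pri"])
    facility, severity = divmod(pri, 8)   # PRI = facility * 8 + severity
    kind = classify_timestamp(m["ts"])
    iso = epoch_to_iso(m["ts"]) if kind == "epoch" else m["ts"]
    words, kv = [], {}
    for tok in m["rest"].split():
        kvm = KV.match(tok)
        if kvm:
            kv[kvm.group(1).lower()] = kvm.group(2)   # normalise key case (Mac -> mac)
        else:
            words.append(tok)
    return {
        "facility": facility,
        "severity": severity,
        "version": int(m["version"]),
        "timestamp_kind": kind,
        "timestamp_iso": iso,
        "hostname": m["host"],
        "text": " ".join(words),
        "kv": kv,
    }


if __name__ == "__main__":
    print("strict RFC 5424:", is_strict_rfc5424(SAMPLE))
    for k, v in parse_line(SAMPLE).items():
        print("%-15s %s" % (k, v))
```

Running it on the sample reports that the line is not strict RFC 5424 because of the epoch timestamp, while still recovering facility 16 / severity 6 from PRI 134, the hostname C0493 and the key=value fields. A check like this is useful for confirming what a device actually emits before deciding how a collector should be configured to accept it.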