TO : Mr.Panel Hello Vincent. Thank you for the reply. I understand that the non BSD-syslog date format log comes into syslog-ng , it does not operate properly. Could I ask you three questions about this syslog message? It would be a great help if you could afford time answering with these questions. 1. I would like to confirm my thought about this. More specifically, I saw the packet using tshark. And, in the "Message:" area, the properly handled packet always has the process id in its beginning. Like , "128: Jun 09 2009 16:30:19: %SYS-5-CONFIG_I: Configured from console by console" And , no matter what kind of date format was included in the message it was properly parsed in syslog-ng. I thought the reason why it was not parsed correcly, was whether the process id had existed or not in the packet. Am I on the wrong point? I apologize if I was giving a wrong opinion. 2. Just want to confirm if syslog-ng stops processing the destination driver process, whenever it goes messy with the PROGRAM macro? 3. So for now , to escape from syslog-ng being inproper, should I not use the PROGRAM macro? Best Regards, Yu Watanabe Vincent Panel さんは書きました:
On Mon, 2009-07-27 at 14:14 +0900, Yu Watanabe wrote:
Hello all.
I am using syslog-ng v 2.0.5.
However, I am gathering logs from the cisco catalyst switches, but when I tried to use the PROGRAM macro it seems not be working properly.
In Cisco switches , there seems to be messages that program is not included in the message that is sent from the device.
I would like to know how does syslog-ng parses the messages that does not have the PROGRAM name included and what would happen if we use the PROGRAM macro for these message.
Following is the proper message:
Jul 27 13:17:11 l2swtich 128: %SYS-5-CONFIG_I: Configured from console by console **** There are logs that does not have this part.
See https://bugzilla.balabit.com/show_bug.cgi?id=40
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html