Hi,

I think you have missed what I have set out to accomplish, digesting and log analysis is not the problem I'm solving[1]

* Clayton Dukes <cdukes@gmail.com> [2011-03-07 08:40:55-0500]:
> Cisco messages are easier to log than most IMHO.

The sequence number and scattering of '*'/'.' in front of the timestamp makes it anything but easy to log; especially if you want to trust the sending host's timestamp and have all your output logs in a *standard* format[2].

Cisco devices do *not* send messages in a format syslog-ng cannot parse directly (or not one I have found). Why does IOS sometimes put a '.' in front of the date and other times does not? The only helpful bit I got from your whitepaper is now I know what '*' means, no idea why you did not just append '+02:30' or whatever on the date instead?

I'm trying to normalise the cruft IOS sends me, not analyse it. Once it is in a standard format I can use generic shell/perl scripts to parse the contents, rather than custom Cisco-only scripts.

Cheers

[1] I actually prefer a daily cronjob of various types of 'catches of the day', generated from awk/perl scripts that get dumped into my mailbox. For example, 'top ten' egress user IPs appearing in the firewall. This is just how I like to butter my bread though :)

[2] I really like the output from "$ISODATE $FULLHOST <$FACILITY.$PRIORITY> $MSGHDR$MSGONLY"

-- 
Alexander Clouter
.sigmonster says: Thank God I'm an atheist.
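
Added example, not part of the original message and not code from the poster or from syslog-ng: a Python sketch of the normalisation the message asks for, stripping the IOS sequence number and the '*'/'.' clock marker and emitting a line shaped like the template in footnote [2]. The function name `normalise`, the host name, the caller-supplied year and timezone, and the sample lines are all assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Names in the usual syslog order; codes 12-15 get placeholder names.
FAC = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
       "fac12 fac13 fac14 fac15 local0 local1 local2 local3 local4 local5 "
       "local6 local7").split()
SEV = "emerg alert crit err warning notice info debug".split()

# <PRI>[seq: ][*|.]Mon d [yyyy ]hh:mm:ss[.mmm][ TZNAME]: message
# Cisco's "show clock" documentation: '*' = time not authoritative,
# '.' = time authoritative but NTP not synchronised.
IOS = re.compile(
    r"<(?P<pri>\d{1,3})>"
    r"(?:(?P<seq>\d+): )?"
    r"(?P<flag>[*.])?"
    r"(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?:(?P<year>\d{4}) )?"
    r"(?P<hms>\d{2}:\d{2}:\d{2})(?:\.(?P<ms>\d{3}))?"
    r"(?: [A-Za-z]+)?: (?P<msg>.*)")

# Constructed sample lines (not captured from a real device).
SAMPLES = [
    "<189>45: *Mar  7 13:40:55.123: %SYS-5-CONFIG_I: Configured from console by vty0",
    "<190>46: .Mar  7 13:41:02: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up",
    "<189>Mar  7 2011 13:42:00 UTC: %SYS-5-RESTART: System restarted",
]

def normalise(line, host, year, tz=timezone.utc):
    """Return (normalised_line, clock_flag), or None if the line is not IOS-style.

    Assumption: the caller supplies year and tz, because IOS leaves both out
    by default; a timezone *name* in the message is matched but ignored.
    """
    m = IOS.match(line)
    if m is None or int(m["pri"]) > 191:
        return None
    pri = int(m["pri"])
    stamp = f"{m['year'] or year} {m['mon']} {m['day']} {m['hms']}"
    try:
        ts = datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
    except ValueError:          # e.g. "Feb 30"
        return None
    ts = ts.replace(microsecond=int(m["ms"] or 0) * 1000, tzinfo=tz)
    out = (f"{ts.isoformat(timespec='milliseconds')} {host} "
           f"<{FAC[pri >> 3]}.{SEV[pri & 7]}> {m['msg']}")
    return out, m["flag"] or ""

if __name__ == "__main__":
    for sample in SAMPLES:
        print(normalise(sample, "rtr1.example.net", 2011))
```

The clock marker is returned separately so a collector can decide whether to trust the device timestamp or fall back to its own receive time.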