Hi,in syslog-ng OSE 3.13 [1] we introduced a new feature, called app-parser [2] and the default network network driver is using it.Maybe that could cause your issue. If this is the case, then we have another PR [3] which makes it possible to disable the auto-parse (also part of 3.13).Example:source s_network {
default-network-drivers(auto-parse(no));
};
syslog-ng 3.9, before upgrade ---
${FULLHOST}: "mydevice.com"
${PROGRAM}: ""
message: "%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for..."
syslog-ng 3.15, before upgrade ---
${FULLHOST}: ":"
${PROGRAM}: "%CRYPTO-4-RECVD_PKT_INV_SPI"
${MSG}: "decaps: rec'd IPSEC packet has invalid spi for..."
Is this unintended behavior or a bug? This particular device is a Cisco 3845 running ios 12.4(22)T4.
Thanks in advance.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq