28 Mar
2010
28 Mar
'10
6:50 a.m.
On Thu, 2010-03-25 at 18:59 -0600, Patrick H. wrote:
Try adding the 'no-parse' flag to the source. Syslog-ng tries to parse out the headers of the message (like date/time, host, facility, etc), and if it cant figure out the format of the headers, it drops the message.
this is not true, it doesn't drop the message, it creates an 'Error processing message: <msg>' message, in order to see that there was indeed a message coming in. But judging the strace, the format of the message does include Cisco sequence number which is not supported by syslog-ng right now (but as PZolee has stated, we're working on that) -- Bazsi