On 18.02.2014 21:12, Chris Moody wrote:
I'm running into a case though where I have a Cisco switch sending logs to my log aggregator but the log-server isn't writing the output to the device's spool file. It is working however for many many more devices just like this switch.
I've confirmed via tcpdump that this log traffic does actually hit the box, but it never gets recorded into the log spool for that network device.
Most likely your Cisco device sends logs which are not conforming to syslog standard (as in: format). Try pointing this device to a source() with "flags(no-parse)" set. See Administrator Guide for more details. HTH. -- Jakub Jankowski|shasta@toxcorp.com|http://toxcorp.com/ GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D