https://bugzilla.balabit.com/show_bug.cgi?id=40

           Summary: Cisco ASA format is not understood
           Product: syslog-ng
           Version: 3.0.x
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: unspecified
         Component: syslog-ng
        AssignedTo: bazsi@balabit.hu
        ReportedBy: vincent.panel@telindus.be
Type of the Report: ---
   Estimated Hours: 0.0

Syslog-ng receives messages like this from Cisco ASA devices:

    <PRI>MM DD YYYY HH:mm:ss HOSTNAME %MSGID: CONTENT

The "YYYY" part does not conform to the BSD-style syslog timestamp: it shouldn't exist. Unfortunately, it can't be changed on the ASA side.

Syslog-ng does not see any header in this message and thinks "MM" is the process sending the message, hence adds ":" behind it. Additionally, syslog-ng prepends its own header, which leads to a total mess in the destination syslog...

On the other hand, syslog-ng also receives messages from another Cisco device (FWSM) like this:

    <PRI>MM DD YYYY HH:mm:ss %MSGID: CONTENT

Note the hostname is not specified. And this format is well understood by syslog-ng (no prepended header, no ":" after the month)!

I've also read here:

http://www.balabit.com/dl/html/syslog-ng-v3.0-guide-admin-en.html/ch02s17.ht...

syslog-ng should be able to understand "PIX extended format" but I can't find anywhere in the documentation nor on the internet what it refers to...

So would it be possible to make sure the first format is well understood by syslog-ng?

Regards,
Vincent Panel
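
The two layouts described in the report above, parsed and re-emitted with a BSD-style header so that a downstream collector or SIEM sees a consistent host and program field. This is an added example, not part of the original report and not syslog-ng code. Assumptions: the month arrives as a three-letter English name or a number (the report only writes "MM"), the sample lines and the names `parse_cisco` and `to_bsd` are constructed for illustration, and `192.0.2.1` stands in for the sender address.

```python
import re
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

# <PRI>MM DD YYYY HH:mm:ss [HOSTNAME] %MSGID: CONTENT
# Assumption: the month is a three-letter English name or a number; the
# report only writes "MM".
CISCO_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<month>[A-Za-z]{3}|\d{1,2}) +(?P<day>\d{1,2}) +(?P<year>\d{4}) +"
    r"(?P<time>\d{2}:\d{2}:\d{2}) +"
    r"(?:(?P<host>[^\s%]\S*) +)?"          # ASA sends a hostname, FWSM does not
    r"(?P<msgid>%[A-Za-z0-9_-]+): ?(?P<content>.*)$",
    re.DOTALL,
)

# Constructed sample lines, not captured from real devices.
ASA_SAMPLE = "<166>Apr 05 2009 10:12:13 asa-edge %ASA-6-302013: Built outbound TCP connection"
FWSM_SAMPLE = "<166>Apr 05 2009 10:12:13 %FWSM-6-302013: Built outbound TCP connection"


def parse_cisco(line):
    """Parse either layout; return a dict, or None if the line does not match."""
    m = CISCO_RE.match(line)
    if not m or int(m["pri"]) > 191:       # PRI is facility * 8 + severity, max 191
        return None
    try:
        mon = m["month"]
        month = int(mon) if mon.isdigit() else MONTHS.index(mon.capitalize()) + 1
        hh, mi, ss = (int(x) for x in m["time"].split(":"))
        ts = datetime(int(m["year"]), month, int(m["day"]), hh, mi, ss)
    except ValueError:                     # unknown month name or impossible date
        return None
    pri = int(m["pri"])
    return {"pri": pri, "facility": pri >> 3, "severity": pri & 7,
            "timestamp": ts, "host": m["host"], "msgid": m["msgid"],
            "content": m["content"]}


def to_bsd(rec, fallback_host):
    """Re-emit a parsed record with a BSD-style header (no year in the timestamp)."""
    ts = rec["timestamp"]
    stamp = f"{MONTHS[ts.month - 1]} {ts.day:2d} {ts:%H:%M:%S}"
    host = rec["host"] or fallback_host    # FWSM layout: use the sender address
    return f"<{rec['pri']}>{stamp} {host} {rec['msgid']}: {rec['content']}"


if __name__ == "__main__":
    for sample in (ASA_SAMPLE, FWSM_SAMPLE):
        print(to_bsd(parse_cisco(sample), "192.0.2.1"))
```

Lines for which `parse_cisco` returns `None` are best passed through unchanged, so that ordinary BSD-format traffic on the same listener is not rewritten.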