On Fri, 2007-09-07 at 07:26 -0700, Nate Campi wrote:
On Fri, Sep 07, 2007 at 05:26:02PM +0800, Wilson Lai wrote:
Dear all, What happens if the log message is not a standard syslog message? Thanks.
If a Cisco switch sends a message like this:
2005 Aug 23 03:04:05 UTC +00:00 %PAGP-5-PORTFROMSTP:Port 4/16 left bridge port 4/16
...it'll be written to disk like this:
Aug 23 03:04:05 switch.company.com 2005 Aug 23 03:04:05 UTC +00:00 %PAGP-5-PORTFROMSTP:Port 4/16 left bridge port 4/16
Syslog servers put in a proper syslog-formatted header.
The behavior is documented here:
http://www.faqs.org/rfcs/rfc3164.html
It's not syslog-ng specific behavior.
In fact I've added some Cisco date stamp support, so date stamps of some of the Cisco gear are properly recognized. But Cisco is not using consistent timestamps in their different product lines.
-- Bazsi
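
The relay handling discussed in this thread, following RFC 3164 section 4.3, as an added Python example that is not part of the original messages and is not syslog-ng's code. The `<189>` PRI on the Cisco sample is constructed, and `relay`, `rfc3164_timestamp` and their parameters are hypothetical names.

```python
import re
from datetime import datetime

MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]
PRI_RE = re.compile(r"^<(\d{1,3})>")
# RFC 3164 TIMESTAMP: "Mmm dd hh:mm:ss", day space-padded, then a space.
TS_RE = re.compile(
    rf"^(?:{'|'.join(MONTHS)}) (?: [1-9]|[12]\d|3[01]) \d\d:\d\d:\d\d ")
DEFAULT_PRI = 13  # user.notice, inserted when the packet has no usable PRI


def rfc3164_timestamp(when: datetime) -> str:
    """Format the receive time the way the RFC 3164 header expects."""
    return f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"


def relay(packet: str, sender: str, received: datetime) -> str:
    """Return the packet as a relay forwards it (RFC 3164 section 4.3)."""
    m = PRI_RE.match(packet)
    if m and int(m.group(1)) <= 191:      # facility 23 * 8 + severity 7
        pri, rest = m.group(1), packet[m.end():]
        if TS_RE.match(rest):
            return packet                 # 4.3.1: valid header, pass through
    else:
        pri, rest = str(DEFAULT_PRI), packet  # 4.3.3: all of it is CONTENT
    # 4.3.2 / 4.3.3: add receive time and the sender's name; the device's
    # own text, including its timestamp, is kept untouched after the header.
    return f"<{pri}>{rfc3164_timestamp(received)} {sender} {rest}"


if __name__ == "__main__":
    # Constructed input: the Cisco text from the thread with an assumed PRI.
    sample = ("<189>2005 Aug 23 03:04:05 UTC +00:00 "
              "%PAGP-5-PORTFROMSTP:Port 4/16 left bridge port 4/16")
    print(relay(sample, "switch.company.com", datetime(2005, 8, 23, 3, 4, 5)))
```

The header timestamp is the relay's receive time, so when correlating events the device's own timestamp has to be read from the message body.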