This branch has a patch to revert that specific commit, and I've confirmed that it resolves the issue for me, in exchange for not supporting IPV6 addresses in the hostname field.


On Mon, Sep 10, 2018 at 3:55 PM, Balazs Scheidler <bazsi77@gmail.com> wrote:
This patch broke it:

399d565e9857e7cb41253e9a714d5cc6ad4d50fb.

This patch can be reverted easily even on the latest master to resolve the issue.

On Mon, Sep 10, 2018 at 3:16 PM Scheidler, Balázs <balazs.scheidler@oneidentity.com> wrote:
This is probably not it, the syslog-parser() changed some behaviours that changed it.

On Mon, Sep 10, 2018, 13:45 Budai, László <laszlo.budai@oneidentity.com> wrote:
Hi,

in syslog-ng OSE 3.13 [1] we introduced a new feature, called app-parser [2] and the default network network driver is using it.
Maybe that could cause your issue.  If this is the case, then we have another PR [3] which makes it possible to disable the auto-parse (also part of 3.13).

Example:
source s_network {
  default-network-drivers(auto-parse(no));
};

If it not solves your problem then could you share the relevant part of your config?




regards,
Laszlo Budai


On Fri, Sep 7, 2018 at 6:00 PM, Nik Ambrosch <nik@ambrosch.com> wrote:
Recently I upgraded my centralized loghost from 3.9 -> 3.15 and I noticed that some of my cisco devices started being logged in an undesirable format... I don't want to enable the cisco parser because more than just cisco messages get delivered to this interface.  Here are the relevant fields that have changed before/after the upgrade:

syslog-ng 3.9, before upgrade ---
    ${FULLHOST}: "mydevice.com"
    ${PROGRAM}: ""
    message: "%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for..."

syslog-ng 3.15, before upgrade ---
    ${FULLHOST}: ":"
    ${PROGRAM}: "%CRYPTO-4-RECVD_PKT_INV_SPI"
    ${MSG}: "decaps: rec'd IPSEC packet has invalid spi for..."


Is this unintended behavior or a bug?  This particular device is a Cisco 3845 running ios 12.4(22)T4.

Thanks in advance.

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq



______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq



--
Bazsi

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq