Along those same lines, the Cisco MDS series of SAN switches (along with IOS-XR, I'm told) sends non-RFC dates like "2010 Jan 01 00:00:01" instead of "Jan 01 2010 00:00:01" as per the RFC. Rewriting seems impossible since the macro fields for $PROGRAM and $MSG aren't populated correctly to begin with. If support for that wacky date format could be added, that would be great. Thanks, Martin On Tue, Jan 19, 2010 at 6:16 AM, Marty Sørensen <buzzwork@gmail.com> wrote:
Hey Bazsi,
Thanks for the quick reply, great job/service.
Unforturnately it still doesnt work with the config i pasted: -- Jan 19 13:13:45 <hostname> : Jan 19 13:13:44: %SYS-5-CONFIG_I: Configured from console by <username> on vty0 (<ip>) --
Martin
2010/1/19 Balazs Scheidler <bazsi@balabit.hu>
On Tue, 2010-01-19 at 11:08 +0100, Marty Sørensen wrote:
Hello ....
New user to syslog-ng but still hoping someone can help me with a small config example
Im forwarding syslog from my syslog-ng but when it arrives it has double timestamps/hostname: -- Jan 19 11:02:58 cut-hostname 10.229.5.2 32176: Jan 19 11:02:57: % SFF8472-5-THRESHOLD_VIOLATION --
Your Cisco gear is including sequence number in the timestamp which syslog-ng doesn't recognize.
That's the "32176: " prefix before the 2nd timestamp. If you disable that, it'll work.
I'm planning to add support for this field in the future.
-- Bazsi
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html