Yup, I might even add this use case to my latest application parsers framework.
On Nov 15, 2017 17:57, "Kókai Péter" <peter.kokai@balabit.com> wrote:
Hello,
It would be really useful if you could share it (Y).
Kokan
On Wed, Nov 15, 2017 at 5:18 PM Evan Rempel <erempel@uvic.ca> wrote:
Answered out of band because the details are messy. If there is sufficient interest I can clean it up and post it to the list.
Evan.
On 11/15/2017 04:26 AM, Scot wrote:
Thanks Evan, Didn't see much in terms of Cisco documentation of the format. Is that 1st number in the message header unique to each message, and do you share patterns?
Scot
On Tue, Nov 14, 2017 at 8:36 PM, Evan Rempel <erempel@uvic.ca> wrote:
At our side we used a patterndb to unwrap the ACS logs into single long line messages. These long lines seem to be wrapped at the source (Cisco device) before sending to the syslog server.
Evan.
On 11/14/2017 02:03 PM, Scot wrote:
Hi,
Has anyone worked with ACS logs and solved the message header limit? We can get syslog working but as expected the message gets truncated.
Local logs on the ACS have the entire payload.
Thinking there may be a way to script a log fetch or something.
Thanks
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq