The best would be to write a cisco mnemonic parser that would transform that stuff to name-value pairs. Also we've used the program name portion in patterndb to parse out those. iirc it starts with % ----- Original message -----
Does anyone have a pre build set of patterns/rewrite rule to rewrite all cisco logs into something that is a little more compliant?
We are trying to use a master pattern database to identify/classify messages, but the cisco logs don't have usable "program names" so the pattern database can't even get started :-(
Thanks for any pointers.
-- Evan ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq