5 Apr 2019, 1:58 p.m.
Hi,

It seems your setup incorrectly parses the "syslog" messages. The latest syslog-ng versions have improved Cisco parsing code, so I suggest you try those first. In any case, I can see two problems with your filter:
filter f_trash { match(SNMP-3-RESPONSE_DELAYED value(MSGHDR)); and
match(NTP Receive dropping message value(MSG))};
1. it matches only messages with both "SNMP" and "NTP" strings, which is not what you seem to want.
2. "SNMP" seems to be in the MSG macro instead, although I can't be sure.
3. use quotes in the match() argument

Cheers
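
An added example, not part of the original message: the filter rewritten along the three points above, as a fragment for an existing syslog-ng.conf. It assumes the Cisco mnemonic ends up in the message text (which the reply only suspects), and the names `f_keep`, `s_network` and `d_cisco` are hypothetical.

```conf
# Logic as posted: the two match() calls are joined with "and", so a
# message must contain BOTH strings to be selected. A message carrying
# only the SNMP string or only the NTP string is never matched, and the
# noise the filter was meant to catch passes through.

# Corrected: "or" selects a message when either pattern matches, both
# patterns are quoted, and both are tested against the message text
# (assumption: the SNMP mnemonic is in MESSAGE, not in the header).
# match() patterns are regular expressions by default.
filter f_trash {
    match("SNMP-3-RESPONSE_DELAYED" value("MESSAGE"))
    or match("NTP Receive dropping message" value("MESSAGE"));
};

# Invert the trash filter so the log path keeps everything else.
# Keeping the drop list this narrow avoids discarding unrelated
# device messages that may matter for monitoring.
filter f_keep { not filter(f_trash); };

log {
    source(s_network);       # hypothetical, defined elsewhere
    filter(f_keep);
    destination(d_cisco);    # hypothetical, defined elsewhere
};
```

If the messages are still mis-parsed after an upgrade, check which field actually holds the mnemonic before settling on the `value()` argument.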