Hello everyone, and happy holidays! I came across a weird issue with syslog-ng and messages coming from the Cisco Wireless Controller devices. When I use ngrep to do a capture from the wire, the alert looks like this:
<130> Dec 21 19:20:24.474 iapp_socket_task.c:580 IAPP-3-MSGTAG015: iappSocketTask: iappRecvPkt returned error
However, after running through syslog-ng and getting to my syslog file it appears like this (numbers different, message the same):
Dec 21 16:01:27 .839 iapp_socket_task.c:580 IAPP-3-MSGTAG015: iappSocketTask: iappRecvPkt returned error
So, it appears as though syslog-ng is pulling the milliseconds from the alert (the .839 in the second example) and moving it to the 4th token spot, instead of leaving it attached. Anyone seen this behavior, and more importantly, what do we need to do to fix it? I am on syslog-ng version 1.6.11. Thanks in advance!!!
Chris Ivey
Affiliated Computer Services
Enterprise Management Integration Services
Infrastructure Management Senior Analyst
chris.ivey@acs-inc.com
"I have not failed, I have simply found 10,000 ways which do not work!" -- Thomas Edison
"When you find yourself in a hole, the best thing to do is stop digging!" -- Nick Stokes
"I reject your reality, and substitute my own!" -- Adam Savage
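
An added example, not part of the original post and not syslog-ng's code: a small Python parser for the BSD-syslog (RFC 3164) header, showing how a reader that consumes exactly the 15-character timestamp leaves the `.474` fraction as the next token, and a tolerant variant that keeps it attached. The function names and the assumption that the receiver reads a fixed-width timestamp are illustrative.

```python
import re

# Constructed sample: the on-the-wire line quoted in the post above.
WIRE = ("<130> Dec 21 19:20:24.474 iapp_socket_task.c:580 "
        "IAPP-3-MSGTAG015: iappSocketTask: iappRecvPkt returned error")

PRI_RE = re.compile(r"^<(\d{1,3})>\s*")
# RFC 3164 timestamp: "Mmm dd hh:mm:ss", exactly 15 characters.
TS_RE = re.compile(r"[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}")
FRAC_RE = re.compile(r"\.\d{1,6}")


def parse_header(line, keep_fraction):
    """Split a BSD-syslog line into PRI, timestamp, fraction and tokens.

    keep_fraction=False models a strict reader (an assumption, not
    syslog-ng's actual code): it consumes 15 timestamp characters and
    treats whatever follows as the next field.
    """
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("missing <PRI>")
    pri = int(m.group(1))
    ts = TS_RE.match(line, m.end())
    if not ts:
        raise ValueError("no RFC 3164 timestamp")
    pos = ts.end()
    fraction = ""
    if keep_fraction:
        f = FRAC_RE.match(line, pos)
        if f:  # fractional seconds stay attached to the timestamp
            fraction = f.group(0)
            pos = f.end()
    return {
        "facility": pri >> 3,   # upper bits of PRI
        "severity": pri & 7,    # lower three bits of PRI
        "timestamp": ts.group(0),
        "fraction": fraction,
        "tokens": line[pos:].lstrip(" ").split(" "),
    }


def render(rec):
    """Rebuild the line the way it would be written to the log file."""
    return " ".join([rec["timestamp"] + rec["fraction"]] + rec["tokens"])


if __name__ == "__main__":
    print(render(parse_header(WIRE, keep_fraction=False)))
    print(render(parse_header(WIRE, keep_fraction=True)))
```

With `keep_fraction=False` the rendered line has the same shape as the file entry in the post (fraction split off as its own token); with `keep_fraction=True` the timestamp stays intact.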