Here are some syslog message examples and a snoop I ran:

CSS syslog-ng message:
2004.02.18 17:32:05 7 local7 info 7264 NETMAN-6: CLMcmd: sho run service ,gmetelitsa@local

Router syslog-ng message:
2004.02.18 17:37:07 NYPRRT10 local7 info 1354469: SLOT 1:Feb 18 17:37:05.268 EST: %SEC-6-IPACCESSLOGP: list 112 denied tcp 127.0.0.1(80) -> 205.241.15.99

When I snoop the line I get this (I didn't include the IP header and UDP header as I don't think it's pertinent):

CSS syslog payload message:
SYSLOG: "<190>FEB 18 11:04:23 7/1 7187 NETMAN-6: CLMcmd: show run own"

Router payload message:
SYSLOG: "<190>1341226: SLOT 1:Feb 18 11:12:43.016 EST: %SEC-6-IPACCES"

The payload does not contain the source IP address for either the CSS or for a router; however, syslog-ng gets the source address/hostname of the router but not the CSS. Also, I see that the message payload structure is quite different between a router and CSS.

Nate Campi <nate@campin.net>@lists.balabit.hu on 18 Feb 2004 15:04
Please respond to syslog-ng@lists.balabit.hu
Sent by: syslog-ng-admin@lists.balabit.hu
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]Cisco CSS Logging

On Wed, Feb 18, 2004 at 01:21:19PM -0500, Gary.Metelitsa@us.hsbc.Com wrote:
> I'm running syslog-ng 1.6.0rc.1. It is not able to pick up the IP address coming from a Cisco Content Switch (formerly Arrowpoint) generated syslog message. All other routers and switches have their IP address. Regular syslog picks up the IP address field. Has anyone come across this?
Gary,

Please supply a log example, I'm not sure what you mean.
--
Nate

IMHO one should have to pass a test on DNS before publishing a CNAME. ;) - Greg White

_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
On Wed, Feb 18, 2004 at 05:55:26PM -0500, Gary.Metelitsa@us.hsbc.Com wrote:
> Here are some syslog message examples and a snoop I ran:
>
> CSS syslog-ng message:
> 2004.02.18 17:32:05 7 local7 info 7264 NETMAN-6: CLMcmd: sho run service ,gmetelitsa@local
>
> Router syslog-ng message:
> 2004.02.18 17:37:07 NYPRRT10 local7 info 1354469: SLOT 1:Feb 18 17:37:05.268 EST: %SEC-6-IPACCESSLOGP: list 112 denied tcp 127.0.0.1(80) -> 205.241.15.99
>
> When I snoop the line I get this (I didn't include the IP header and UDP header as I don't think it's pertinent):
>
> CSS syslog payload message:
> SYSLOG: "<190>FEB 18 11:04:23 7/1 7187 NETMAN-6: CLMcmd: show run own"
>
> Router payload message:
> SYSLOG: "<190>1341226: SLOT 1:Feb 18 11:12:43.016 EST: %SEC-6-IPACCES"
>
> The payload does not contain the source IP address for either the CSS or for a router; however, syslog-ng gets the source address/hostname of the router but not the CSS. Also, I see that the message payload structure is quite different between a router and CSS.
syslog-ng makes a best guess about the fields of incoming syslog messages, but sometimes guesses wrong. syslog messages are different, depending on the source. See:

http://lists.jammed.com/loganalysis/2002/01/0021.html
http://www.faqs.org/rfcs/rfc3164.html

You should show how syslog-ng is recording the messages to your logfiles (assuming you're logging to files) and it'll be absolutely clear. My guess is that syslog-ng thinks that "7/1" is the hostname, or something like that.

I've had similar problems:
https://lists.balabit.hu/pipermail/syslog-ng/2003-January/004334.html

..and the fix:
https://lists.balabit.hu/pipermail/syslog-ng/2003-January/004412.html

The "bad_hostname()" feature will help. See this example syslog-ng.conf for example usage:
http://www.campin.net/syslog-ng/solaris-conf.txt
--
Nate

"Reader, suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." - Samuel Clemens
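To make the guesswork Nate describes concrete, here is a small RFC 3164 header splitter written for this page (example code, not syslog-ng's own parser): it shows the CSS token "7/1" being taken as the hostname, and how a bad_hostname()-style regex makes the parser fall back to the datagram's sender address instead. The two payloads are the ones from the thread; the sender addresses and the pattern ^\d+/\d+$ are my own constructed assumptions.

```python
import re
from typing import Optional

# Payloads copied from the thread; the sender addresses are constructed.
CSS_PAYLOAD = '<190>FEB 18 11:04:23 7/1 7187 NETMAN-6: CLMcmd: show run own'
ROUTER_PAYLOAD = '<190>1341226: SLOT 1:Feb 18 11:12:43.016 EST: %SEC-6-IPACCES'
CSS_SENDER, ROUTER_SENDER = "203.0.113.7", "203.0.113.10"

PRI_RE = re.compile(r"^<(\d{1,3})>")
# RFC 3164 TIMESTAMP "Mmm dd hh:mm:ss"; the CSS upper-cases the month.
TS_RE = re.compile(r"^([A-Z][a-z]{2}) ([ \d]\d) (\d\d:\d\d:\d\d) ", re.IGNORECASE)
FACILITIES = {16 + i: f"local{i}" for i in range(8)}   # only local0..local7 named
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_bsd(payload: str, sender: str, bad_hostname: Optional[str] = None) -> dict:
    """Best-effort RFC 3164 split modelled on the guesswork Nate describes.

    sender is the UDP source address of the datagram. bad_hostname is a regex
    in the spirit of syslog-ng's bad_hostname() option (an assumption here,
    not its implementation): a token matching it is never accepted as
    HOSTNAME, so the sender address is recorded and the token stays in MSG.
    """
    m = PRI_RE.match(payload)
    pri = int(m.group(1)) if m else 13            # RFC 3164: missing PRI means 13
    rest = payload[m.end():] if m else payload
    facility = FACILITIES.get(pri >> 3, str(pri >> 3))
    severity = SEVERITIES[pri & 7]
    ts = TS_RE.match(rest)
    if ts:
        timestamp, rest = " ".join(ts.groups()), rest[ts.end():]
        # The token after the timestamp is taken as HOSTNAME; for the CSS that
        # token is "7/1", which is exactly the wrong guess.
        host, _, msg = rest.partition(" ")
    else:
        # No timestamp (Cisco IOS "seqno: ..." style): nothing to mistake for
        # a hostname, so the sender address is used.
        timestamp, host, msg = "", "", rest
    if not host or (bad_hostname and re.search(bad_hostname, host)):
        host, msg = sender, rest
    return {"facility": facility, "severity": severity,
            "timestamp": timestamp, "host": host, "msg": msg}


if __name__ == "__main__":
    for label, payload, sender in (("css", CSS_PAYLOAD, CSS_SENDER),
                                   ("router", ROUTER_PAYLOAD, ROUTER_SENDER)):
        print(label, "naive  ", parse_bsd(payload, sender))
        print(label, "guarded", parse_bsd(payload, sender, r"^\d+/\d+$"))
```

Running it prints the CSS record once with host "7/1" and once, with the guard, with host 203.0.113.7 and "7/1" left in the message text, which is the behaviour bad_hostname() is meant to produce in syslog-ng.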
participants (2)
-
Gary.Metelitsa@us.hsbc.Com
-
Nate Campi