pattern matching against raw input?
Is there a way to parse against raw input, with syslog-ng? I'm writing patterns for Cisco devices and the PROGRAM macro appears to be gobbling (and then removing) the %FACILITY-SEVERITY-MNEMONIC text, prior to the parser getting access [to the message], for Cisco ASA devices. In other cases, PROGRAM gobbles the log sequence number (from Cisco IOS) and leaves the date/time and FAC-SEV-MNEMONIC code intact.
Hi Glen,

Try setting the flags(no-parse) option on your source (http://www.balabit.com/dl/html/syslog-ng-ose-v3.1-guide-admin-en.html/ch06s0...). That way syslog-ng will put all incoming data into the MESSAGE part without parsing, and add a syslog header (timestamp, etc.). I think that was what you meant.

Regards,
Robert

On Thursday, April 15, 2010 21:09 CEST, Glen Johnson <gfjohnson@alaska.edu> wrote:
Is there a way to parse against raw input, with syslog-ng?
I'm writing patterns for Cisco devices and the PROGRAM macro appears to be gobbling (and then removing) the %FACILITY-SEVERITY-MNEMONIC text, prior to the parser getting access [to the message], for Cisco ASA devices. In other cases, PROGRAM gobbles the log sequence number (from Cisco IOS) and leaves the date/time and FAC-SEV-MNEMONIC code intact.
participants (2)
- Fekete Róbert
- Glen Johnson
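
The kind of match that becomes possible once flags(no-parse) leaves the whole line in MESSAGE, as an added example that is not part of the thread and is not syslog-ng code: a Python regular expression that pulls the sequence number, device timestamp and %FACILITY-SEVERITY-MNEMONIC tag out of a raw line. The function name parse_cisco and both sample lines are constructed for illustration, and the leading <PRI> is treated as optional.

```python
import re

# Raw Cisco line: optional <PRI>, optional IOS sequence number, optional
# device timestamp, then the %FACILITY-SEVERITY-MNEMONIC tag and the text.
CISCO_RAW = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"          # syslog priority, if still present
    r"(?:(?P<seq>\d+):\s+)?"             # IOS log sequence number
    r"(?P<stamp>.*?)"                    # device timestamp, may be empty
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):"
    r"\s*(?P<text>.*)$"
)


def parse_cisco(raw):
    """Return the fields of one raw Cisco line, or None if it has no tag."""
    m = CISCO_RAW.match(raw.strip())
    if m is None:
        return None
    return {
        "pri": int(m["pri"]) if m["pri"] else None,
        "seq": int(m["seq"]) if m["seq"] else None,
        "timestamp": m["stamp"].strip().rstrip(":") or None,
        "facility": m["facility"],
        "severity": int(m["severity"]),
        "mnemonic": m["mnemonic"],
        "text": m["text"],
    }


# Constructed sample lines (not taken from the thread).
ASA_LINE = "<166>%ASA-6-302013: Built outbound TCP connection 1234 for outside:192.0.2.10/80"
IOS_LINE = "<187>45: *Mar  1 00:01:02.123: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up"

if __name__ == "__main__":
    for line in (ASA_LINE, IOS_LINE, "<13>sshd[1]: not a Cisco line"):
        print(parse_cisco(line))
```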