Re: [syslog-ng] non standard syslog message!
Hi,

The message is not generated from a Cisco device. It is a third party application log which has the format as follows:

"Error Browser (Service 14) Thu May 10 01:52:15 2007 [OM 0] Pid of logging process: 1029 Last Msg ID : JavaMail.root(a).scalix.x.y.com Last Msg DirectRef: 000a4beace41e153"

How could I convert it into a standard syslog format? Thanks.

Regards,
Wilson Lai
System Engineer
IT Dept., SJM
Office: (853)2978585
Mobile: (853)66506709
Email: wilsonlai@macausjm.com

-----Original Message-----
From: syslog-ng-request@lists.balabit.hu [mailto:syslog-ng-request@lists.balabit.hu]
Sent: Thursday, September 13, 2007 6:00 PM
To: syslog-ng@lists.balabit.hu
Subject: syslog-ng Digest, Vol 29, Issue 10

Message: 1
Date: Wed, 12 Sep 2007 17:06:49 +0200
From: Balazs Scheidler <bazsi@balabit.hu>
Subject: Re: [syslog-ng] syslog-ng Digest, Vol 28, Issue 21
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>

On Fri, 2007-09-07 at 07:26 -0700, Nate Campi wrote:
On Fri, Sep 07, 2007 at 05:26:02PM +0800, Wilson Lai wrote:
Dear all, What happens if the log message is not a standard syslog message? Thanks.
If a Cisco switch sends a message like this: 2005 Aug 23 03:04:05 UTC +00:00 %PAGP-5-PORTFROMSTP:Port 4/16 left bridge port 4/16
...it'll be written to disk like this:
Aug 23 03:04:05 switch.company.com 2005 Aug 23 03:04:05 UTC +00:00 %PAGP-5-PORTFROMSTP:Port 4/16 left bridge port 4/16
syslog servers put in a proper syslog formatted header.
The behavior is documented here:
http://www.faqs.org/rfcs/rfc3164.html
It's not syslog-ng specific behavior.
In fact I've added some Cisco date stamp support, so date stamps of some of the Cisco gear are properly recognized. But Cisco is not using consistent timestamps in their different product lines.

-- Bazsi
On Fri, 2007-09-14 at 12:03 +0800, Wilson Lai wrote:
Hi, The message is not generated from a Cisco device. It is a third party application log which has the format as follows: "Error Browser (Service 14) Thu May 10 01:52:15 2007 [OM 0] Pid of logging process: 1029 Last Msg ID : JavaMail.root(a).scalix.x.y.com Last Msg DirectRef: 000a4beace41e153" How could I convert it into a standard syslog format? Thanks.
Is this a log file currently? Syslog-ng would convert this multi-line log message as individual log entries, which is probably not what you want. You can use a script or something that makes this look like syslog and then write it to a named pipe or something and have syslog-ng read that. -- Bazsi
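A script of the kind suggested in the reply above could look like the following. It is an added example, not code from the thread or from syslog-ng: it folds each multi-line record into one RFC 3164 line. The record's line breaks, the severity names, the `mailhost` host name, the `scalix` tag and the local0 facility are assumptions.

```python
import re
from datetime import datetime

# Assumed layout: header "<Severity> <Component> (Service N) <ctime>", then detail lines.
HEADER = re.compile(r"^(?P<sev>\w+)\s+(?P<comp>.+?)\s+\(Service (?P<svc>\d+)\)\s+"
                    r"(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})\s*$")
SEVERITY = {"Fatal": 2, "Error": 3, "Warning": 4, "Info": 6}  # assumed names
FACILITY = 16  # local0, an arbitrary choice

def to_rfc3164(record, host="mailhost", tag="scalix"):
    """Fold one record into one RFC 3164 line; record[0] must be a header line."""
    m = HEADER.match(record[0])
    ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
    pri = FACILITY * 8 + SEVERITY.get(m["sev"], 5)  # unknown severity -> notice
    details = [" ".join(l.split()) for l in record[1:] if l.strip()]
    pid = re.search(r"Pid of logging process:\s*(\d+)", "\n".join(details))
    proc = "%s[%s]" % (tag, pid.group(1)) if pid else tag
    stamp = "%s %2d %s" % (ts.strftime("%b"), ts.day, ts.strftime("%H:%M:%S"))
    body = "%s (Service %s): %s" % (m["comp"], m["svc"], "; ".join(details))
    # Strip control characters so one record can never become several lines.
    body = re.sub(r"[\x00-\x1f\x7f]", " ", body)
    return "<%d>%s %s %s: %s" % (pri, stamp, host, proc, body)

def convert(lines):
    """Yield one syslog line per record; text before the first header is skipped."""
    record = []
    for line in lines:
        line = line.rstrip("\r\n")
        if HEADER.match(line):
            if record:
                yield to_rfc3164(record)
            record = [line]
        elif record:
            record.append(line)
    if record:
        yield to_rfc3164(record)

# Constructed sample: the record from the thread, with assumed line breaks.
SAMPLE = """Error Browser (Service 14) Thu May 10 01:52:15 2007
[OM 0]
Pid of logging process: 1029
Last Msg ID : JavaMail.root(a).scalix.x.y.com
Last Msg DirectRef: 000a4beace41e153
"""

if __name__ == "__main__":
    # In use: feed sys.stdin instead and redirect stdout to the named pipe.
    for out in convert(SAMPLE.splitlines()):
        print(out, flush=True)
```

With the output redirected to a FIFO that a syslog-ng `pipe()` source reads, each multi-line record arrives as a single entry instead of one entry per line.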