[syslog-ng]FW: syslog-ng-1.6.0rc3 - problem with incorrect separation of syslog messages from Cisco PIX

email lists syslog-ng@lists.balabit.hu
Sun, 11 May 2003 18:24:17 +1000


Just realised the example that were provided only contain IPSec SA data -
apologies, but I think you get the idea.

Darten

-----Original Message-----
From: email lists 
Sent: Sunday, 11 May 2003 6:06 PM
To: 'syslog-ng@lists.balabit.hu'
Subject: syslog-ng-1.6.0rc3 - problem with incorrect separation of syslog messages from Cisco PIX

<snip>

May 10 11:51:02 192.168.100.252 May 10 2003 01:51:02: %PIX-7-702301:
lifetime expiring, (sa) sa_dest= 10.0.0.1, sa_prot= 50, sa_spi=
0xe859748d(3898176653), sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 1,
(identity) local= 10.0.0.1, remote= 10.1.1.1, local_proxy= 192<166>May
10 2003 01:51:02: %PIX-6-602302: deleting SA, (sa) sa_dest= 10.0.0.1,
sa_prot= 50, sa_spi= 0xe859748d(3898176653), sa_trans= esp-3des
esp-md5-hmac , sa_conn_id= 1

The same syslog message SQL formatted to file - same template as
program():

BEGIN; INSERT INTO rawlogs (host, datetime, facility, priority, level,
tag, program, msg) VALUES ('192.168.100.252', '2003-05-10 11:51:02',
'local4', 'debug', 'debug', 'a7', 'May', 'May 10 2003 01:51:02:
%PIX-7-702301: lifetime expiring, (sa) sa_dest= 10.0.0.1, sa_prot= 50,
sa_spi= 0xe859748d(3898176653), sa_trans= esp-3des esp-md5-hmac ,
sa_conn_id= 1, (identity) local= 10.0.0.1, remote= 10.1.1.1,
local_proxy= 192<166>May 10 2003 01:51:02: %PIX-6-602302: deleting SA,
(sa) sa_dest= 10.0.0.1, sa_prot= 50, sa_spi= 0xe859748d(3898176653),
sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 1'); COMMIT;

<snip>
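To make the framing problem in the quoted log concrete, here is an added example (not code from the poster or from syslog-ng) that re-splits a buffer carrying two PIX messages at the embedded `<PRI>` and decodes each one. The sample buffer is constructed from the lines quoted above; its leading `<167>` is an assumption taken from the tag value 'a7' (0xa7 = 167 = local4.debug) in the INSERT.

```python
import re

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron", "local0", "local1", "local2", "local3", "local4",
              "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# A boundary is "<PRI>" immediately followed by a PIX-style "Mon dd yyyy hh:mm:ss: "
# timestamp; requiring the timestamp stops a stray "<166>" inside a message body
# from being taken as the start of a new message.
BOUNDARY = re.compile(
    r"<(\d{1,3})>(?=(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) "
    r"[ \d]\d \d{4} \d\d:\d\d:\d\d: )")
PIX_CODE = re.compile(r"%PIX-(\d)-(\d{6}):")

# Constructed sample: the two messages from the post packed into one buffer.
# The leading "<167>" is assumed (tag 'a7' in the INSERT); "<166>" is as quoted.
SAMPLE = (
    "<167>May 10 2003 01:51:02: %PIX-7-702301: lifetime expiring, (sa) sa_dest= 10.0.0.1, "
    "sa_prot= 50, sa_spi= 0xe859748d(3898176653), sa_trans= esp-3des esp-md5-hmac , "
    "sa_conn_id= 1, (identity) local= 10.0.0.1, remote= 10.1.1.1, local_proxy= 192"
    "<166>May 10 2003 01:51:02: %PIX-6-602302: deleting SA, (sa) sa_dest= 10.0.0.1, "
    "sa_prot= 50, sa_spi= 0xe859748d(3898176653), sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 1"
)

def split_messages(buf):
    """Return the PRI-prefixed messages packed into one buffer, in wire order."""
    starts = [m.start() for m in BOUNDARY.finditer(buf) if int(m.group(1)) <= 191]
    if not starts or starts[0] != 0:
        starts.insert(0, 0)          # text before the first PRI is a message of its own
    ends = starts[1:] + [len(buf)]
    return [buf[a:b] for a, b in zip(starts, ends)]

def parse_message(msg):
    """Decode PRI into facility/severity and check it against the %PIX-n- code."""
    m = BOUNDARY.match(msg)
    if not m:
        return {"error": "no PRI", "text": msg}
    pri = int(m.group(1))
    rec = {"facility": FACILITIES[pri // 8], "severity": SEVERITIES[pri % 8],
           "text": msg[m.end():]}
    code = PIX_CODE.search(rec["text"])
    if code:
        rec["pix_code"] = code.group(0).rstrip(":")
        rec["severity_consistent"] = int(code.group(1)) == pri % 8
    return rec

def parse_buffer(buf):
    return [parse_message(m) for m in split_messages(buf)]
```

Run on SAMPLE this yields two records, local4.debug for %PIX-7-702301 (its text cut off at "local_proxy= 192") and local4.info for %PIX-6-602302, instead of the single merged row shown in the INSERT.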