[syslog-ng]Problems with Netscreen log entries

[Balazs Scheidler]

On Mon, 2004-08-09 at 15:20, Paul Mindeman wrote:
> Running sylog-ng 1.6.4 on Solaris 9
> 
> Log entries from my UNIX devices log fine.  Log entries from my 
> Netscreen devices seem to be missing the end of line terminator, as the 
> entries run together in the log file.  The default syslog daemon was 
> able to handle these entries fine.  Any ideas on how to fix this?
> 
> The options in the syslog-ng.conf file are:
> 
> options { sync (0);
>            time_reopen (10);
>            log_fifo_size (1000);
>            long_hostnames (off);
>            use_dns (no);
>            use_fqdn (no);
>            create_dirs (no);
>            keep_hostname (yes);
>          };

Can you give me an tcpdump snippet to see how a netscreen log message is
formatted? Please make sure that you snap the complete packet (-s
option).

tcpdump -xXpeni ethX  port 514 and udp

should do the trick.

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1