[syslog-ng] Syslog-ng Event Parsing Question

Stringfellow, William G william.stringfellow at eds.com
Fri Aug 12 03:42:44 CEST 2005


I am running syslog-ng version 1.6.4 in place of syslogd on Solaris 8.

Getting the following results when receiving syslog events with an
embedded dash '-':

Actual Event

Aug 10 04:15:22 <Device Name A>.<Domain Name> 4844: Aug 10 05:15:21.204
R: %AAA-3-BUFFER_OVERFLOW: Radius I/O buffer has overflowed -Traceback=
253274 253414 252B98 2524FC E97CC E75D4 E9974 124DDC

Shows up in Syslog log as

Aug 10 04:15:22 <Device Name A>.<Domain Name> 4844: Aug 10 05:15:21.204
R: %AAA-3-BUFFER_OVERFLOW: Radius I/O buffer has overflowed
Aug 10 04:15:22 <Device Name A>.<Domain Name> 4845: -Traceback= 253274
253414 252B98 2524FC E97CC E75D4 E9974 124DDC



Actual Event

May  6 10:04:45 <Device Name B>.<Domain Name> 40: May  6 07:04:44:
%TCP-2-INVALIDTCPENCAPS: Invalid TCB encaps pointer: 0x61180434
-Process= \"DLSw msg proc\", ipl= 0, pid= 62 -Traceback= 6035CF34
6035E4A8 60709AE0 607067DC 60706370 607359A0 6072BDB8 6072911C 60716EE4
607147A8 602616E4 602616D0

Shows up in Syslog log as

May  6 10:04:45 <Device Name B>.<Domain Name> 40: May  6 07:04:44:
%TCP-2-INVALIDTCPENCAPS: Invalid TCB encaps pointer: 0x61180434
May  6 10:04:45 <Device Name B>.<Domain Name> 41: -Process= \"DLSw msg
proc\", ipl= 0, pid= 62
May  6 10:04:45 <Device Name B>.<Domain Name> 42: -Traceback= 6035CF34
6035E4A8 60709AE0 607067DC 60706370 607359A0 6072BDB8 6072911C 60716EE4
607147A8 602616E4 602616D0

	Anyone have an answer as to why it is splitting up the Syslog
events this way, and if so, how do you correct it?

	Also, is there a search function for the archives?  Visually
looking through month after month put me to sleep pretty quickly!

	Thanks
	Bill


