[syslog-ng] Cisco Catalyst switches

Charles Mattair cmattair at pdq.net
Fri Dec 14 23:06:54 CET 2007


We've recently started getting traffic from Catalyst switches and
it doesn't parse well.

The start of a message looks like:
     445750: Dec 14 11:23:27: %SW_MATM-4-MACFLAP_NOTIF: Host 0201.0000.0000 in v...

The event id (445750) looks like a program id (the parser sees everything
else as missing) and the date becomes part of the message text.

Are there any plans to "teach" the parser to recognize this format?  We
noticed it recognizes PIX formats with a colon following the date so it
doesn't seem too out of line.  If there aren't, we'll generate mods and
submit them.

tnx
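
The misparse described in the message above, with one way to recognize the format, as an added example that is not part of the original post and is not syslog-ng code. The names `naive_program`, `parse_cisco` and `CISCO_RE` are hypothetical, the naive split is a simplification of the behaviour the post reports, and the year is an assumed parameter because the timestamp carries none. The pattern goes slightly beyond the posted line by also accepting an optional `<PRI>` prefix, a leading `*` or `.` on the timestamp, and fractional seconds.

```python
import re
from datetime import datetime

# Line as quoted in the post (it is truncated there, so it stays truncated here).
SAMPLE = "445750: Dec 14 11:23:27: %SW_MATM-4-MACFLAP_NOTIF: Host 0201.0000.0000 in v..."
# Constructed sample: PRI prefix, unsynchronized-clock marker, milliseconds.
CONSTRUCTED = "<189>*Mar  1 00:00:10.123: %SYS-5-CONFIG_I: constructed sample"

def naive_program(line):
    """Simplified 'program: message' split: the first token before a colon wins."""
    return line.split(":", 1)[0]

CISCO_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"          # optional syslog priority
    r"(?:(?P<seq>\d+):\s+)?"             # optional event id / sequence number
    r"[*.]?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})(?:\.\d+)?:\s+"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*"
    r"(?P<msg>.*)$"
)

def parse_cisco(line, year):
    """Return the parsed fields, or None if the line is not in this format."""
    m = CISCO_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {
        "pri": int(m["pri"]) if m["pri"] else None,
        "seq": int(m["seq"]) if m["seq"] else None,
        "timestamp": ts,
        # The %FACILITY-SEVERITY-MNEMONIC tag takes the place of a program name.
        "program": f"%{m['facility']}-{m['severity']}-{m['mnemonic']}",
        "severity": int(m["severity"]),
        "message": m["msg"],
    }

if __name__ == "__main__":
    print("naive program field:", naive_program(SAMPLE))
    for line in (SAMPLE, CONSTRUCTED):
        print(parse_cisco(line, 2007))
```

Lines that do not match return `None`, so they can fall through to whatever ordinary syslog parsing is already in place.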


