[syslog-ng] Cisco Catalyst switches
Balazs Scheidler
bazsi at balabit.hu
Mon Dec 17 15:28:53 CET 2007
please file a bugzilla ticket for this issue, as I don't have time right
now.
Thanks.
On Fri, 2007-12-14 at 16:06 -0600, Charles Mattair wrote:
> We've recently started getting traffic from catalyst switches and
> it doesn't parse well.
>
> The start of a message looks like:
> 445750: Dec 14 11:23:27: %SW_MATM-4-MACFLAP_NOTIF: Host 0201.0000.0000 in v...
>
> The event id (445750) looks like a program id (the parser sees everything
> else as missing) and the date becomes part of the message text.
>
> Are there any plans to "teach" the parser to recognize this format? We
> noticed it recognizes PIX formats with a colon following the date so it
> doesn't seem too out of line. If there aren't, we'll generate mods and
> submit them.
--
Bazsi
More information about the syslog-ng
mailing list