[syslog-ng] Cisco Syslog: Wireless Controller Messages
Ivey, Chris
Chris.ivey at acs-inc.com
Fri Dec 21 20:41:20 CET 2007
Hello everyone, and happy holidays! I came across a weird issue with
syslog-ng, and messages coming from the Cisco Wireless Controller devices.
When I use ngrep to do a capture from the wire, the alert looks like this:
<130> Dec 21 19:20:24.474 iapp_socket_task.c:580 IAPP-3-MSGTAG015:
iappSocketTask: iappRecvPkt returned error
However, after running through syslog-ng and getting to my syslog file it
appears like this (numbers different, message the same):
Dec 21 16:01:27 .839 iapp_socket_task.c:580 IAPP-3-MSGTAG015:
iappSocketTask: iappRecvPkt returned error
So, it appears as though syslog-ng is pulling the milliseconds from the
alert (the .839 in the second example) and moving it to the 4th token spot,
instead of leaving it attached. Anyone seen this behavior, and more
importantly, what do we need to do to fix it? I am on syslog-ng version
1.6.11. Thanks in advance!!!
Chris Ivey
Affiliated Computer Services
Enterprise Management Integration Services
Infrastructure Management Senior Analyst
chris.ivey at acs-inc.com
"I have not failed, I have simply found 10,000 ways which do not work!" --
Thomas Edison
"When you find yourself in a hole, the best thing to do is stop digging!" --
Nick Stokes
"I reject your reality, and substitute my own!" -- Adam Savage
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20071221/58b2c0c7/attachment.htm
More information about the syslog-ng
mailing list