[syslog-ng] Cisco Syslog: Wireless Controller Messages

Geller, Sandor (IT) Sandor.Geller at morganstanley.com
Sat Dec 22 20:49:51 CET 2007


Hi,

> Hello everyone, and happy holidays!  I came across a weird 
> issue with syslog-ng, and messages coming from the Cisco 
> Wireless Controller devices.  When I use ngrep to do a 
> capture from the wire, the alert looks like this:
> 
> <130> Dec 21 19:20:24.474 iapp_socket_task.c:580 
> IAPP-3-MSGTAG015: iappSocketTask: iappRecvPkt returned error 
> 
> However, after running through syslog-ng and getting to my 
> syslog file it appears like this (numbers different, message 
> the same):
> 
> Dec 21 16:01:27 .839 iapp_socket_task.c:580 IAPP-3-MSGTAG015: 
> iappSocketTask: iappRecvPkt returned error 
> 
> So, it appears as though syslog-ng is pulling the 
> milliseconds from the alert (the .839 in the second example) 
> and moving it to the 4th token spot, instead of leaving it 
> attached.  Anyone seen this behavior, and more importantly, 
> what do we need to do to fix it?  I am on syslog-ng version 
> 1.6.11.  Thanks in advance!!!

syslog-ng 1.6 doesn't support high resolution timestamps. You
should upgrade to the 2.0 series.

Regards,

Sandor
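
An added example (not part of the original message and not syslog-ng code) showing how the fractional seconds in the captured line can spill into the next field. The fixed-width parser is a simplified model assumed for illustration, and all function names are hypothetical:

```python
import re

# Constructed sample, taken from the ngrep capture quoted in the thread.
SAMPLE = ("<130> Dec 21 19:20:24.474 iapp_socket_task.c:580 "
          "IAPP-3-MSGTAG015: iappSocketTask: iappRecvPkt returned error")

PRI_RE = re.compile(r"^<(\d{1,3})>\s*")
# BSD-style "Mmm dd hh:mm:ss" with an optional ".fraction" suffix.
TS_RE = re.compile(
    r"^([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d)(?:\.(\d{1,6}))?\s*")


def split_pri(line):
    """Return (facility, severity, remainder) from a '<PRI>' prefix."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("missing <PRI> header")
    pri = int(m.group(1))
    return pri >> 3, pri & 7, line[m.end():]


def parse_fixed_width(line):
    """Assumed model: the timestamp is exactly 15 characters wide,
    so a trailing '.474' is left at the front of the remainder."""
    facility, severity, rest = split_pri(line)
    return {"facility": facility, "severity": severity,
            "timestamp": rest[:15], "usec": None,
            "rest": rest[15:].lstrip(" ")}


def parse_fractional(line):
    """Accept optional fractional seconds and keep them with the timestamp."""
    facility, severity, rest = split_pri(line)
    m = TS_RE.match(rest)
    if not m:
        raise ValueError("unrecognized timestamp")
    frac = m.group(2)
    # Pad '474' to microseconds (474000); None when no fraction was sent.
    usec = int(frac.ljust(6, "0")) if frac is not None else None
    return {"facility": facility, "severity": severity,
            "timestamp": m.group(1), "usec": usec, "rest": rest[m.end():]}


if __name__ == "__main__":
    for parser in (parse_fixed_width, parse_fractional):
        print(parser.__name__, parser(SAMPLE))
```

With the fixed-width model the remainder starts with `.474`, the same shape as the `.839` token seen in the log file; the second parser keeps the sub-second part attached to the timestamp.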