[syslog-ng] problems with Cisco WiFi controller syslog messages

Poley, Jason jpoley at co.santa-barbara.ca.us
Thu Jul 19 20:09:46 CEST 2007


Bazsi,

So I finally got around to the upgrade this morning (now on 2.0.4), only one
month later...

Is it possible you can help with these obviously non-standard Cisco syslog
timestamps?

JDP

---------------------------------
Jason D Poley
Network Tech
GS ITS Network 
County of Santa Barbara
805.568.2680
jpoley at co.santa-barbara.ca.us 


-----Original Message-----
From: Poley, Jason 
Sent: Thursday, June 14, 2007 7:57 AM
To: 'Syslog-ng users' and developers' mailing list'
Subject: RE: [syslog-ng] problems with Cisco WiFi controller syslog messages

Thanks so much for the reply. 

So, I will upgrade to the latest version and hope for a fix from you I
suppose.

A question along those lines then...  What is the implication of upgrading
from 1.6.9 to 2.0.x?  Are there any problems or changes that will affect my
current logs?  I suppose I should mention that I dump these to a mysql
database and report against them with php-syslog-ng.  I sure don't want to
blow up the whole system.

JDP

---------------------------------
Jason D Poley
Network Tech
GS ITS Network 
County of Santa Barbara
805.568.2680
jpoley at co.santa-barbara.ca.us 


> -----Original Message-----
> From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Balazs Scheidler
> Sent: Thursday, June 14, 2007 3:43 AM
> To: Syslog-ng users' and developers' mailing list
> Subject: Re: [syslog-ng] problems with Cisco WiFi controller syslog
> messages
> 
> On Wed, 2007-06-13 at 07:02 -0700, Poley, Jason wrote:
> > We have upgraded our Cisco WiFi controller and now its syslog messages
> > contain milliseconds which syslog-ng does not know how to handle.
> >
> > I am running version 1.6.9 of syslog-ng on RedHat version 3.
> >
> > TCP dump of first 96 bytes...
> > 06:57:07.584716 IP (tos 0x0, ttl  59, id 0, offset 0, flags [DF], proto 17, length: 248) 161.213.8.243.32768 > 161.213.4.226.syslog: UDP, length 220
> >         0x0000:  4500 00f8 0000 4000 3b11 ed75 a1d5 08f3  E.....@.;..u....
> >         0x0010:  a1d5 04e2 8000 0202 00e4 660c 3c31 3238  ..........f.<128
> >         0x0020:  3e20 4a75 6e20 3133 2030 363a 3536 3a31  >.Jun.13.06:56:1
> >         0x0030:  362e 3732 3820 6170 665f 726f 6775 655f  6.728.apf_rogue_
> >         0x0040:  6465 7465 6374 2e63 3a35 3735 2041 5046  detect.c:575.APF
> >         0x0050:  2d31                                     -1
> >
> > Is this behavior different in a later version of syslog-ng and should I
> > upgrade?
> 
> syslog-ng 2.0.x supports milliseconds in timestamps, however it uses
> ISO8601 timestamps for that purpose. As I see the snippet quoted here
> uses a BSD timestamp with milliseconds added.
> 
> Gee.. At least they could have added year information too.
> 
> So, upgrading to 2.0.x will not solve your problems, but there's a
> chance that I can change this there.
> 
> --
> Bazsi
> 
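
The header variant discussed in this thread (a BSD timestamp with milliseconds appended and no year), handled next to the ISO 8601 form, as an added example that is not part of the original messages and is not syslog-ng code. The names `parse_header` and `bsd_to_datetime` and the year-inference policy (use the receive year, step back one year if the result would lie more than a day in the future) are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

# <PRI>, an optional space (the controller sends "<128> Jun ..."), then a BSD
# timestamp with optional fractional seconds, or an ISO 8601 timestamp.
HEADER = re.compile(
    r"<(?P<pri>\d{1,3})> ?(?:"
    r"(?P<mon>[A-Z][a-z]{2}) (?P<day>[ \d]\d) (?P<hms>\d\d:\d\d:\d\d)(?:\.(?P<frac>\d{1,6}))?"
    r"|(?P<iso>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:\.\d+)?(?:Z|[+-]\d\d:\d\d)?)"
    r") (?P<rest>.*)", re.S)

def bsd_to_datetime(m, received):
    """BSD timestamps carry no year: take it from the receive time, stepping
    back one year when that would put the message in the future (a December
    message that arrives in January). Returns None for impossible dates."""
    h, mi, s = (int(x) for x in m["hms"].split(":"))
    usec = int((m["frac"] or "").ljust(6, "0"))   # ".728" -> 728000 microseconds
    for year in (received.year, received.year - 1):
        try:
            ts = datetime(year, MONTHS.index(m["mon"]) + 1, int(m["day"]), h, mi, s, usec)
        except ValueError:   # unknown month, Feb 29 in a non-leap year, 25:00:00
            continue
        if ts <= received + timedelta(days=1):    # tolerate sender clock skew
            return ts
    return None

def parse_header(datagram, received):
    """Return (facility, severity, timestamp, rest), or None if the header
    does not parse. `received` is the naive local receive time."""
    m = HEADER.match(datagram.decode("ascii", "replace"))
    if m is None or int(m["pri"]) > 191:          # 23 * 8 + 7 is the largest PRI
        return None
    if m["iso"]:
        try:
            ts = datetime.fromisoformat(m["iso"].replace("Z", "+00:00"))
        except ValueError:
            return None
    else:
        ts = bsd_to_datetime(m, received)
    if ts is None:
        return None
    facility, severity = divmod(int(m["pri"]), 8)
    return facility, severity, ts, m["rest"]

# Constructed sample: the payload bytes visible in the tcpdump output above.
SAMPLE = b"<128> Jun 13 06:56:16.728 apf_rogue_detect.c:575 APF-1"
```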
