[syslog-ng] syslog-ng Digest, Vol 28, Issue 21

Balazs Scheidler bazsi at balabit.hu
Wed Sep 12 17:06:49 CEST 2007


On Fri, 2007-09-07 at 07:26 -0700, Nate Campi wrote:
> On Fri, Sep 07, 2007 at 05:26:02PM +0800, Wilson Lai wrote:
> > Dear all,
> >        What happens if the log message is not a standard syslog message?
> >        Thanks.
> 
> If a Cisco switch sends a message like this:
> 2005 Aug 23 03:04:05 UTC +00:00 %PAGP-5-PORTFROMSTP:Port 4/16 left bridge port 4/16
> 
> ...it'll be written to disk like this:
> 
> Aug 23 03:04:05 switch.company.com 2005 Aug 23 03:04:05 UTC +00:00 %PAGP-5-PORTFROMSTP:Port 4/16 left bridge port 4/16
> 
> syslog servers put in a proper syslog formatted header.
> 
> The behavior is documented here:
> 
>  http://www.faqs.org/rfcs/rfc3164.html
> 
> It's not syslog-ng specific behavior.

In fact I've added some Cisco date stamp support, so date stamps of some
of the Cisco gear are properly recognized. But Cisco is not using
consistent timestamps in their different product lines.

-- 
Bazsi
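
The header handling described in this thread, as an added example that is not part of the original messages and is not syslog-ng's code: a receiver looks for an RFC 3164 timestamp and hostname, and if they are missing it keeps the payload whole and stamps it with its own receive time and the sender's name. The function names, the `<189>` priority on the sample message and the receive time are assumptions made for the illustration.

```python
import re
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
PRI_RE = re.compile(r"^<(\d{1,3})>")
# RFC 3164 HEADER: "Mmm dd hh:mm:ss" (day space-padded), a space, then a hostname.
HEADER_RE = re.compile(
    r"^((?:%s) (?: \d|[12]\d|3[01]) \d\d:\d\d:\d\d) (\S+) (.*)$" % "|".join(MONTHS),
    re.S,
)
DEFAULT_PRI = 13  # user.notice, used by RFC 3164 relays when no valid PRI arrives


def normalize(raw, sender_host, received):
    """Return (pri, timestamp, host, msg, header_added) for one datagram."""
    pri = DEFAULT_PRI
    m = PRI_RE.match(raw)
    if m and int(m.group(1)) <= 191:
        pri, raw = int(m.group(1)), raw[m.end():]
    h = HEADER_RE.match(raw)
    if h:
        return pri, h.group(1), h.group(2), h.group(3), False
    # No valid header: the whole payload becomes the message, stamped with the
    # receive time and the sender's name as resolved by the collector.
    ts = f"{MONTHS[received.month - 1]} {received.day:2d} {received:%H:%M:%S}"
    return pri, ts, sender_host, raw, True


def to_disk(raw, sender_host, received):
    """Render the line as a plain "timestamp host message" file entry."""
    _, ts, host, msg, _ = normalize(raw, sender_host, received)
    return f"{ts} {host} {msg}"


# Constructed input: the Cisco message from the thread with an assumed <189> PRI.
CISCO = ("<189>2005 Aug 23 03:04:05 UTC +00:00 %PAGP-5-PORTFROMSTP:"
         "Port 4/16 left bridge port 4/16")

if __name__ == "__main__":
    print(to_disk(CISCO, "switch.company.com", datetime(2005, 8, 23, 3, 4, 5)))
```

When `header_added` is true, the leading timestamp is the collector's receive time and the device's own time stamp sits inside the message text, which matters when correlating events across sources.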


