[syslog-ng] non standard syslog messgae!

Wilson Lai wilsonlai at macausjm.com
Fri Sep 14 06:03:46 CEST 2007 

Hi,
    The message is not generated from a Cisco device. It is a third 
party application log which has the format as follow ;
          " Error     Browser    (Service 14)    Thu May 10 01:52:15 
2007
             [OM 0]
             Pid of logging process: 1029
                  Last Msg ID : JavaMail.root(a).scalix.x.y.com
                  Last Msg DirectRef: 000a4beace41e153 "          "
    How could I convert it into a standard syslog format?
    Thanks.
Regards,
Wilson Lai
System Engineer
IT Dept., SJM
Office ( : (853)2978585
Mobile ( : (853)66506709
Email +: : wilsonlai at macausjm.com
 
-----Original Message-----
From: syslog-ng-request at lists.balabit.hu 
[mailto:syslog-ng-request at lists.balabit.hu] 
Sent: Thursday, September 13, 2007 6:00 PM
To: syslog-ng at lists.balabit.hu
Subject: syslog-ng Digest, Vol 29, Issue 10

Send syslog-ng mailing list submissions to
	syslog-ng at lists.balabit.hu

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.balabit.hu/mailman/listinfo/syslog-ng
or, via email, send a message with subject or body 'help' to
	syslog-ng-request at lists.balabit.hu

You can reach the person managing the list at
	syslog-ng-owner at lists.balabit.hu

When replying, please edit your Subject line so it is more specific
than "Re: Contents of syslog-ng digest..."


Today's Topics:

   1. Re:  syslog-ng Digest, Vol 28, Issue 21 (Balazs Scheidler)


----------------------------------------------------------------------

Message: 1
Date: Wed, 12 Sep 2007 17:06:49 +0200
From: Balazs Scheidler <bazsi at balabit.hu>
Subject: Re: [syslog-ng] syslog-ng Digest, Vol 28, Issue 21
To: Syslog-ng users' and developers' mailing list
	<syslog-ng at lists.balabit.hu>
Message-ID: <1189609609.7181.4.camel at bzorp.balabit>
Content-Type: text/plain

On Fri, 2007-09-07 at 07:26 -0700, Nate Campi wrote:
> On Fri, Sep 07, 2007 at 05:26:02PM +0800, Wilson Lai wrote:
> > Dear all,
> >        What happen if the log message is not a standard syslog 
message?
> >        Thanks.
> 
> If a Cisco switch sends a message like this:
> 2005 Aug 23 03:04:05 UTC +00:00 %PAGP-5-PORTFROMSTP:Port 4/16 left 
bridge port 4/16
> 
> ...it'll be written to disk like this:
> 
> Aug 23 03:04:05 switch.company.com 2005 Aug 23 03:04:05 UTC +00:00 
%PAGP-5-PORTFROMSTP:Port 4/16 left bridge port 4/16
> 
> syslog servers put in a proper syslog formatted header.
> 
> The behavior is documented here:
> 
>  http://www.faqs.org/rfcs/rfc3164.html
> 
> It's not syslog-ng specific behavior.

In fact I've added some Cisco date stamp support, so date stamps of some
of the Cisco gear are properly recognized. But Cisco is not using
consistent timestamps in their different product lines.

-- 
Bazsi



------------------------------

_______________________________________________
syslog-ng maillist  -  syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng


End of syslog-ng Digest, Vol 29, Issue 10
*****************************************

More information about the syslog-ng mailing list