[syslog-ng] pattern matching against raw input?

Fekete Róbert frobert at balabit.com
Sat Apr 17 20:13:12 CEST 2010


Hi Glen, 

Try setting the flags(no-parse) option on your source (http://www.balabit.com/dl/html/syslog-ng-ose-v3.1-guide-admin-en.html/ch06s01.html#reference_source_tcpudp).
That way syslog-ng will put all incoming data into the MESSAGE part without parsing, and add a syslog header (timestamp, etc.).
I think that was what you meant.

Regards, 

Robert

On Thursday, April 15, 2010 21:09 CEST, Glen Johnson <gfjohnson at alaska.edu> wrote: 
 
> Is there a way to parse against raw input, with syslog-ng?
> 
> I'm writing patterns for Cisco devices and the PROGRAM macro appears
> to be gobbling (and then removing) the %FACILITY-SEVERITY-MNEMONIC
> text, prior to the parser getting access [to the message], for Cisco
> ASA devices.  In other cases, PROGRAM gobbles the log sequence number
> (from Cisco IOS) and leaves the date/time and FAC-SEV-MNEMONIC code
> intact.
> 
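The following is an added illustration, not part of the original thread and not syslog-ng code: a simplified Python model of the header split described in the quoted question, compared with keeping the whole line in MESSAGE as flags(no-parse) does. The sample lines are constructed, and `split_header`, `no_parse`, `cisco_fields` and `compare` are hypothetical helper names.

```python
import re

# Constructed sample lines (not captured traffic): one ASA-style, one IOS-style.
ASA_LINE = "<166>%ASA-6-302013: Built outbound TCP connection 1234 for outside:192.0.2.10/443"
IOS_LINE = "<189>45: *Apr 15 21:09:00.123: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up"

PRI = re.compile(r"^<(\d{1,3})>")
# Cisco %FACILITY-SEVERITY-MNEMONIC tag, e.g. %ASA-6-302013 or %LINK-3-UPDOWN.
CISCO = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)"
)


def split_header(raw):
    """Simplified BSD-syslog style split (an assumption, not syslog-ng's parser):
    the first space-free token ending in ': ' becomes PROGRAM, the rest MESSAGE."""
    body = PRI.sub("", raw, count=1)
    program, sep, message = body.partition(": ")
    if not sep or " " in program:
        return "", body
    return program, message


def no_parse(raw):
    """Model of flags(no-parse): no PROGRAM is extracted, the raw line is MESSAGE."""
    return "", raw


def cisco_fields(message):
    """Extract facility/severity/mnemonic from MESSAGE, or None if the tag is gone."""
    m = CISCO.search(message)
    return m.groupdict() if m else None


def compare(raw):
    """Cisco fields still recoverable from MESSAGE under each mode."""
    return {
        "parsed": cisco_fields(split_header(raw)[1]),
        "no_parse": cisco_fields(no_parse(raw)[1]),
    }


if __name__ == "__main__":
    for line in (ASA_LINE, IOS_LINE):
        print(split_header(line)[0], compare(line))
```

In this model the ASA tag ends up in PROGRAM and is lost to a MESSAGE pattern, while the IOS line loses only its sequence number; with the raw line kept in MESSAGE both tags remain matchable.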
 
 
 
 


