[syslog-ng] Cisco IOS message format

Wells, James James.Wells at rbccm.com
Thu Nov 10 12:24:53 CET 2011


Hi All,

I am struggling to get syslog-ng to output the correct format for Cisco
IOS devices. I am using syslog-ng to forward messages to an NMS system.
The issue I see is syslog-ng upon forwarding adds more data to the
message as I am assuming it does not understand the Cisco IOS syslog
format.

Version of syslog-ng:

Name        : syslog-ng                    Relocations: (not relocatable)
Version     : 2.1.4                             Vendor: Fedora Project
Release     : 9.el5                         Build Date: Mon 16 May 2011 15:09:47 BST
Install Date: Fri 21 Oct 2011 12:26:04 BST      Build Host: x86-01.phx2.fedoraproject.org
Group       : System Environment/Daemons    Source RPM: syslog-ng-2.1.4-9.el5.src.rpm

Cisco IOS statements:

service timestamps log datetime msec localtime show-timezone
logging trap notifications
logging facility local6

Syslog format in the local file:

Nov 10 10:18:44.102 UTC: %SYS-5-CONFIG_I: Configured from console by testuser on vty0 (1.2.3.4)

Syslog-ng conf file:

options {

        sync(0);
        time_reopen(10);
        log_fifo_size(1000);
        long_hostnames(off);
        check_hostname(yes);
        keep_hostname(yes);
        chain_hostnames(no);
        use_time_recvd(yes);

};

template("$MSGONLY\n")



When I perform a TCPDUMP and view the incoming message and then the
forwarded message I can see that syslog-ng adds more data to the MESSAGE
aspect of the syslog.

Has anyone been able to create a filter or template that manages this
format, so that the forwarding of the syslog onto another receiver is
not changed as syslog-ng is adding the $DATE and $HOST to the message.

Thanks in advance
James
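
Added example, not part of the original post and not syslog-ng code: a Python check for the tcpdump comparison described above. It tests whether a payload starts with a strict RFC 3164 header and reports what a relay prepended between the incoming and the forwarded copy. The PRI value 181 is derived from the local6 facility and severity 5 shown in the post; the hostname "router1" and the forwarded payload are constructed samples.

```python
import re

# RFC 3164 header after <PRI>: "Mmm dd hh:mm:ss", a space, then the hostname.
PRI_RE = re.compile(r"^<(\d{1,3})>")
HDR_RE = re.compile(r"^([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) ")


def split_pri(payload):
    """Return (facility, severity, rest); facility/severity are None without <PRI>."""
    m = PRI_RE.match(payload)
    if not m:
        return None, None, payload
    pri = int(m.group(1))
    return pri >> 3, pri & 7, payload[m.end():]


def rfc3164_header(body):
    """Return (timestamp, host) if body starts with a strict RFC 3164 header, else None."""
    m = HDR_RE.match(body)
    return (m.group(1), m.group(2)) if m else None


def relay_diff(incoming, forwarded):
    """Compare one message before and after the relay; report what was prepended."""
    in_fac, in_sev, in_body = split_pri(incoming)
    out_fac, out_sev, out_body = split_pri(forwarded)
    in_body, out_body = in_body.rstrip("\n"), out_body.rstrip("\n")
    result = {"intact": False, "prepended": None,
              "prepended_header": None, "pri_kept": None}
    if not out_body.endswith(in_body):
        return result  # the original text was altered, not just prefixed
    prepended = out_body[: len(out_body) - len(in_body)]
    result.update(intact=True, prepended=prepended,
                  prepended_header=rfc3164_header(prepended),
                  pri_kept=(in_fac, in_sev) == (out_fac, out_sev))
    return result


# Constructed samples: local6.notice is <181>; "router1" and FORWARDED are made up.
CISCO = ("<181>Nov 10 10:18:44.102 UTC: %SYS-5-CONFIG_I: "
         "Configured from console by testuser on vty0 (1.2.3.4)")
FORWARDED = "<181>Nov 10 10:18:45 router1 " + CISCO[5:] + "\n"

if __name__ == "__main__":
    # The ".102 UTC:" suffix means the Cisco timestamp is not a strict RFC 3164 header.
    print(rfc3164_header(split_pri(CISCO)[2]))
    print(relay_diff(CISCO, FORWARDED))
```

An empty "prepended" value means the relay passed the message body through unchanged.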

