[syslog-ng] Parsing Cisco FWSM with device-id
Martin Holste
mcholste at gmail.com
Wed Oct 5 20:00:48 CEST 2011
So I have a customer who has enabled the device-id configuration
directive on his FWSM, and that means that instead of this from a
normal FWSM:
<174>%FWSM-6-302013: Built inbound TCP...
it sends this:
<174>FWSMHostName %FWSM-6-30203: Built inbound TCP...
This means that the program name does not get properly parsed as
syslog-ng pushes it into the msg field. If I can't convince the
customer to remove the device-id setting, what's the least
CPU-intensive way of coping with this so that program and msg are set
correctly?
More information about the syslog-ng
mailing list