[syslog-ng] Parsing Cisco FWSM with device-id

Fekete Róbert frobert at balabit.hu
Wed Oct 5 20:24:09 CEST 2011


I guess a csv parser. If you are lucky, you can rewrite the PROGRAM and MSG fields from the csv parser (not sure if it actually works, but wouldn't be surprised if it did), like:

csv_parser .... columns($PROGRAM,$MESSAGE)

Robert
 
On Wednesday, October 5, 2011 20:00 CEST, Martin Holste <mcholste at gmail.com> wrote: 
 
> So I have a customer who has enabled the device-id configuration
> directive on his FWSM, and that means that instead of this from a
> normal FWSM:
> <174>%FWSM-6-302013: Built inbound TCP...
> it sends this:
> <174>FWSMHostName %FWSM-6-30203: Built inbound TCP...
> 
> This means that the program name does not get properly parsed as
> syslog-ng pushes it into the msg field.  If I can't convince the
> customer to remove the device-id setting, what's the least
> CPU-intensive way of coping with this so that program and msg are set
> correctly?
> 
> 
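
The normalization asked about in this thread, as an added Python example that is not from either poster and is not syslog-ng configuration: it accepts the header with or without the device-id token and returns the same program and message in both cases. The function name, field names and sample lines are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample lines modelled on the two header forms quoted in the thread.
SAMPLES = [
    "<174>%FWSM-6-302013: Built inbound TCP connection (constructed sample)",
    "<174>FWSMHostName %FWSM-6-302013: Built inbound TCP connection (constructed sample)",
]


class FwsmEvent(NamedTuple):
    facility: int             # decoded from the <PRI> value
    severity: int             # decoded from the <PRI> value
    device_id: Optional[str]  # None when the firewall sends no device-id
    program: str              # e.g. "%FWSM-6-302013"
    msg_id: str               # numeric message id from the tag
    message: str              # text after "program: "


# One anchored pattern handles both forms. The device-id token may not start
# with '%' and may not contain whitespace or ':', so it cannot swallow the tag.
_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?:(?P<device_id>[^\s%:][^\s:]*) )?"
    r"(?P<program>%FWSM-[0-7]-(?P<msg_id>\d+)):"
    r" ?(?P<message>.*)$"
)


def parse_fwsm(line: str) -> Optional[FwsmEvent]:
    """Return the parsed event, or None if the line is not an FWSM message."""
    m = _LINE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # highest valid PRI: facility 23, severity 7
        return None
    return FwsmEvent(pri >> 3, pri & 7, m.group("device_id"),
                     m.group("program"), m.group("msg_id"), m.group("message"))


if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_fwsm(sample))
```
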
 
 
 
 



