[syslog-ng] Rewriting Cisco messages

[Gergely Nagy]

Martin Holste <mcholste at gmail.com> writes:

> Well, you're certainly welcome to write a Cisco parser, but in my
> situation, I can't filter by IP since I don't know what IP's will be
> Cisco.

I see. Then perhaps a parser + filter combo would do the trick for
you. By the looks of it, all three types of messages are reasonably easy
and fast to identify..

I'll see what I can do. I'll also have a look at the regexps you posted,
as speeding those up, if possible, would provide a more immediate
improvement. :)

-- 
|8]