[syslog-ng] remove header
Richard F. Hart II
richard.hartii at gmail.com
Tue May 22 23:25:18 CEST 2012
I have a juniper srx that is sending its syslogs to a syslog-ng server.
Then I am having the syslog-ng server forward those juniper syslog messages
to NItroSecurity ESM. However, I am having some difficutly.
The syslog-ng server is appending a header to the beginning of the juniper
syslog message when it sends it to the NitroSecurity ESM. How can I tell
syslog-ng not to append its header to the beginning of the message?
Here is a sample:
*<14>May 22 08:31:03 syslog-ng.example.com* 2012-05-22T08:28:48.548
Juniper-SRX RT_FLOW - RT_FLOW_SESSION_CREATE
[junos at 2636.1.1.1.2.34source-address="192.168.1.34"
source-port="40944"
destination-address="4.2.2.2" destination-port="1984" service-name="None"
nat-source-address="192.168.1.34" nat-source-port="40944"
nat-destination-address="4.2.2.2" nat-destination-port="1984"
src-nat-rule-name="None" dst-nat-rule-name="None" protocol-id="6"
policy-name="175008" source-zone-name="legacy" destination-zone-name="t-a"
session-id-32="220372159" username="N/A" roles="N/A"
packet-incoming-interface="reth4.0"]
How do I stop syslog-ng from appending the underlined section?
Thank you,
Richard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20120522/5bb6ffc3/attachment.htm
More information about the syslog-ng
mailing list