[syslog-ng] remove header
C. L. Martinez
carlopmart at gmail.com
Wed May 23 07:52:39 CEST 2012
On Tue, May 22, 2012 at 11:25 PM, Richard F. Hart II
<richard.hartii at gmail.com> wrote:
> I have a juniper srx that is sending its syslogs to a syslog-ng server. Then
> I am having the syslog-ng server forward those juniper syslog messages to
> NItroSecurity ESM. However, I am having some difficutly.
> The syslog-ng server is appending a header to the beginning of the juniper
> syslog message when it sends it to the NitroSecurity ESM. How can I tell
> syslog-ng not to append its header to the beginning of the message?
>
> Here is a sample:
>
> <14>May 22 08:31:03 syslog-ng.example.com 2012-05-22T08:28:48.548
> Juniper-SRX RT_FLOW - RT_FLOW_SESSION_CREATE [junos at 2636.1.1.1.2.34
> source-address="192.168.1.34" source-port="40944"
> destination-address="4.2.2.2" destination-port="1984" service-name="None"
> nat-source-address="192.168.1.34" nat-source-port="40944"
> nat-destination-address="4.2.2.2" nat-destination-port="1984"
> src-nat-rule-name="None" dst-nat-rule-name="None" protocol-id="6"
> policy-name="175008" source-zone-name="legacy" destination-zone-name="t-a"
> session-id-32="220372159" username="N/A" roles="N/A"
> packet-incoming-interface="reth4.0"]
>
>
> How do I stop syslog-ng from appending the underlined section?
>
> Thank you,
> Richard
What header?? I have a juniper SRX that forwards all logs to a rsyslog
instance and log is exactly to this ...
More information about the syslog-ng
mailing list