[syslog-ng] More on simple filtering problem

[Jim Hendrick]

I can't comment specifically but check for whitespace and map the non space against the various syslog RFCs. Also using tcpdump to inspect the inbound and outbound traffic may help.
Be very detailed. I have seen a single space or lack thereof make all the difference. 
Jim


Sent from my Verizon Wireless 4G LTE Smartphone

-------- Original message --------
From: Paul Hutton <paul_hutton at bigpond.com> 
Date: 11/15/2013  1:38 AM  (GMT-05:00) 
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu> 
Subject: [syslog-ng] More on simple filtering problem 
 
Hi all,

I pinged this list some time ago, confessing that I couldn't get simple filtering to work. I still haven't had a satisfactory result to the problem that I have been experiencing, so can I rephrase the situation?

Does anyone have syslog-ng configured to read source syslog traffic generated by Cisco switches and firewalls, and to then forward them through to Ciscoworks LMS   and successfully displayed on the LMS Admin console?

I believe the problem is that syslog-ng's handling of the message changes its contents sufficiently for it not to be recognised as displayable on the LMS console. We do see message traffic arriving at the LMS which gets logged to a file, but it doesn't appear on the GUI console. I have tried the source options no-parse and store-legacy-msghdr with no good effect.

Thanks for any responses

Paul 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20131115/3713043b/attachment.htm