[syslog-ng] need help debugging some network received logs that aren't writing to files
Jakub Jankowski
shasta at toxcorp.com
Tue Feb 18 22:05:33 CET 2014
On 18.02.2014 21:12, Chris Moody wrote:
>
> I'm running into a case though where I have a Cisco switch sending logs
> to my log aggregator but the log-server isn't writing the output to the
> device's spool file. It is working however for many many more devices
> just like this switch.
>
> I've confirmed via tcpdump that this log traffic does actually hit the
> box, but it never gets recorded into the log spool for that network device.
Most likely your Cisco device sends logs which are not conforming to
syslog standard (as in: format). Try pointing this device to a source()
with "flags(no-parse)" set.
See Administrator Guide for more details.
HTH.
--
Jakub Jankowski|shasta at toxcorp.com|http://toxcorp.com/
GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
More information about the syslog-ng
mailing list