[syslog-ng] Cisco ACS logs truncated
Scot
scotrn at gmail.com
Wed Nov 15 12:26:31 UTC 2017
Thanks Evan,
Didn't see much in term of cisco documentation of the format. Is that 1st
number in the message header unique to each message and do you share
patterns ?
Scot
On Tue, Nov 14, 2017 at 8:36 PM, Evan Rempel <erempel at uvic.ca> wrote:
> At our side we used a patterndb to unwrap the ACS logs into single long
> line messages. These long lines seem to be wrapped at the source (Cisco
> device) before sending to the syslog server.
>
> Evan.
>
>
> On 11/14/2017 02:03 PM, Scot wrote:
>
>> Hi,
>>
>> Has anyone worked with ACS logs and solved the message header limit ?
>> We can get syslog working but as expected the message gets truncated.
>>
>> Local logs on the ACS have the entire payload.
>>
>> Thinking there may be a way to script a log fetch or something.
>>
>> Thanks
>> Scot
>>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=
> syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20171115/5efaa8e2/attachment.html>
More information about the syslog-ng
mailing list