[syslog-ng] Cisco ACS logs truncated

Evan Rempel erempel at uvic.ca
Wed Nov 15 16:18:14 UTC 2017


Answered out of band because the details are messy.
If there is sufficient interest I can clean it up and post it to the list.

Evan.

On 11/15/2017 04:26 AM, Scot wrote:
> Thanks Evan,
> Didn't see much in terms of Cisco documentation of the format. Is that
> 1st number in the message header unique to each message and do you
> share patterns?
>
> Scot
>
> On Tue, Nov 14, 2017 at 8:36 PM, Evan Rempel <erempel at uvic.ca> wrote:
>
>     At our side we used a patterndb to unwrap the ACS logs into single
>     long line messages. These long lines seem to be wrapped at the
>     source (Cisco device) before sending to the syslog server.
>
>     Evan.
>
>
>     On 11/14/2017 02:03 PM, Scot wrote:
>
>         Hi,
>
>         Has anyone worked with ACS logs and solved the message header
>         limit?
>         We can get syslog working but as expected the message gets
>         truncated.
>
>         Local logs on the ACS have the entire payload.
>
>         Thinking there may be a way to script a log fetch or something.
>
>         Thanks
>
