[syslog-ng] Cisco ACS logs truncated

Kókai Péter peter.kokai at balabit.com
Wed Nov 15 16:57:05 UTC 2017


Hello,

It would be really useful if you could share it (Y).

Kokan

On Wed, Nov 15, 2017 at 5:18 PM Evan Rempel <erempel at uvic.ca> wrote:

> Answered out of band because the details are messy.
> If there is sufficient interest I can clean it up and post it to the list.
>
>
> Evan.
>
>
> On 11/15/2017 04:26 AM, Scot wrote:
>
> Thanks Evan,
> Didn't see much in terms of Cisco documentation of the format.  Is that 1st
> number in the message header unique to each message and do you share
> patterns?
>
> Scot
>
> On Tue, Nov 14, 2017 at 8:36 PM, Evan Rempel <erempel at uvic.ca> wrote:
>
>> At our side we used a patterndb to unwrap the ACS logs into single long
>> line messages. These long lines seem to be wrapped at the source (Cisco
>> device) before sending to the syslog server.
>>
>> Evan.
>>
>>
>> On 11/14/2017 02:03 PM, Scot wrote:
>>
>>> Hi,
>>>
>>> Has anyone worked with ACS logs and solved the message header limit?
>>> We can get syslog working but as expected the message gets truncated.
>>>
>>> Local logs on the ACS have the entire payload.
>>>
>>> Thinking there may be a way to script a log fetch or something.
>>>
>>> Thanks
>>
>>
>