[syslog-ng] Cisco ACS logs truncated

Scheidler, Balázs balazs.scheidler at balabit.com
Wed Nov 15 17:01:03 UTC 2017


Yup, I might even add this use case to my latest application parsers
framework.

On Nov 15, 2017 17:57, "Kókai Péter" <peter.kokai at balabit.com> wrote:

> Hello,
>
> It would be really useful if you could share it (Y).
>
> Kokan
>
> On Wed, Nov 15, 2017 at 5:18 PM Evan Rempel <erempel at uvic.ca> wrote:
>
>> Answered out of band because the details are messy.
>> If there is sufficient interest I can clean it up and post it to the list.
>>
>>
>> Evan.
>>
>>
>> On 11/15/2017 04:26 AM, Scot wrote:
>>
>> Thanks Evan,
>> Didn't see much in terms of Cisco documentation of the format.  Is that
>> 1st number in the message header unique to each message and do you share
>> patterns?
>>
>> Scot
>>
>> On Tue, Nov 14, 2017 at 8:36 PM, Evan Rempel <erempel at uvic.ca> wrote:
>>
>>> At our side we used a patterndb to unwrap the ACS logs into single long
>>> line messages. These long lines seem to be wrapped at the source (Cisco
>>> device) before sending to the syslog server.
>>>
>>> Evan.
>>>
>>>
>>> On 11/14/2017 02:03 PM, Scot wrote:
>>>
>>>> Hi,
>>>>
>>>>  Has anyone worked with ACS logs and solved the message header limit?
>>>> We can get syslog working but as expected the message gets truncated.
>>>>
>>>> Local logs on the ACS have the entire payload.
>>>>
>>>> Thinking there may be a way to script a log fetch or something.
>>>>
>>>> Thanks
>>>
>>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>