[syslog-ng] Rsyslog relay or syslog-ng ?

[Scot]

The Msg: header seems to be formatted correctly. Relabeled some data.

15:44:07.886743 IP (tos 0x10, ttl 64, id 8925, offset 0, flags [none],
proto UDP (17), length 513)
    *RSYSLOG_RELAYIP*.58828 > *IDS_TARGETIP*.syslog: SYSLOG, length: 485
Facility local0 (16), Severity info (6)
Msg: 1 2018-02-05T15:44:07-05:00 MD_FWPA01 1,2018/02/05 - - -
15:44:07,007801000484,TRAFFIC,drop,1,2018/02/05
15:44:07,10.162.57.38,172.217.3.36,0.0.0.0,0.0.0.0,Default-Deny-Log,,,not-applicable,vsys1,SOUND-Trust,SOUND-Untrust,ae2.100,,SOUND-LogForwarder,2018/02/05
15:44:07,0,1,60886,443,0,0,0x4000,udp,deny,1396,1396,0,1,2018/02/05
15:44:07,0,any,0,95104452051,0x0,10.0.0.0-10.255.255.255,US,0,1,0,policy-deny,21,12,23,0,SOUND,MD_FWPA01,from-policy\0x0a
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20180205/5f00d70a/attachment.html>