[syslog-ng] RE syslog-ng OSE parsing

Daniel Ehrlich Daniel.Ehrlich at usq.edu.au
Fri Jun 15 04:37:15 UTC 2018



Hoping you can assist me, I haven't really come across anything that makes
full sense to me in my searching of various sites/forums.


This is an example log.

Jun 14 11:57:27 PM.685 UTC :  %UC_LOGIN-4-AuthenticationFailed: %[Login
Date/Time=06/15/2018 at 09:57:27][Login IP
Address/Hostname=][Login Interface=cucm-uds][Login
UserID=POBAR][App ID=Cisco Tomcat][Cluster ID=][Node ID=cucmsub-prd-t2]:
Login Authentication failed.


Syslog-ng reads the $HOST as PM.685; can I get it to rewrite host as
cucmsub-prd-t2? i.e. Node ID=


Thank you


Kind Regards,


Daniel Ehrlich

MastInfoSysSec, DipBA, SSCP, F5-CA, Splunk CA

ICT Security Officer
ICT Client Services|Infrastructure Services
Phone: +61 7 4687 5600 Email: Daniel.Ehrlich at usq.edu.au

Toowoomba | Queensland | 4350 | Australia
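
The extraction the post asks about, as an added Python example (not part of the original post and not syslog-ng configuration): it parses the bracketed key=value fields of the quoted log line and returns `Node ID` as the host, falling back to the header token when that field is empty or not hostname-shaped. The function names and regular expressions are assumptions made for this illustration.

```python
import re

# Constructed from the log line quoted in the post (wrapped lines rejoined).
SAMPLE = (
    "Jun 14 11:57:27 PM.685 UTC :  %UC_LOGIN-4-AuthenticationFailed: "
    "%[Login Date/Time=06/15/2018 at 09:57:27][Login IP Address/Hostname=]"
    "[Login Interface=cucm-uds][Login UserID=POBAR][App ID=Cisco Tomcat]"
    "[Cluster ID=][Node ID=cucmsub-prd-t2]: Login Authentication failed."
)

# BSD-style header: "Mmm dd hh:mm:ss" followed by the token taken as the host.
# This is why "PM.685" ends up in $HOST for the line above.
HEADER = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (\S+) ")
# One "[key=value]" group; values may be empty, e.g. "[Cluster ID=]".
FIELD = re.compile(r"\[([^\[\]=]+)=([^\[\]]*)\]")
# Accept only hostname-shaped values as a replacement host (assumed policy).
HOSTNAME = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def parse_fields(line):
    """Return the bracketed key=value pairs as a dict (last duplicate wins)."""
    return {k.strip(): v.strip() for k, v in FIELD.findall(line)}


def header_host(line):
    """Return the token a BSD-syslog style parse would treat as the host."""
    m = HEADER.match(line)
    return m.group(1) if m else None


def effective_host(line):
    """Prefer a valid Node ID; otherwise keep the host from the header."""
    node = parse_fields(line).get("Node ID", "")
    if HOSTNAME.match(node):
        return node
    return header_host(line)


if __name__ == "__main__":
    print("header host:   ", header_host(SAMPLE))
    print("effective host:", effective_host(SAMPLE))
```
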


