[syslog-ng] Undesirable behavior from Cisco parser?
Nik Ambrosch
nik at ambrosch.com
Fri Sep 7 16:00:43 UTC 2018
Recently I upgraded my centralized loghost from 3.9 -> 3.15 and I noticed
that some of my cisco devices started being logged in an undesirable
format... I don't want to enable the cisco parser because more than just
cisco messages get delivered to this interface. Here are the relevant
fields that have changed before/after the upgrade:
syslog-ng 3.9, before upgrade ---
${FULLHOST}: "mydevice.com"
${PROGRAM}: ""
message: "%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has
invalid spi for..."
syslog-ng 3.15, before upgrade ---
${FULLHOST}: ":"
${PROGRAM}: "%CRYPTO-4-RECVD_PKT_INV_SPI"
${MSG}: "decaps: rec'd IPSEC packet has invalid spi for..."
Is this unintended behavior or a bug? This particular device is a Cisco
3845 running ios 12.4(22)T4.
Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20180907/c9780115/attachment.html>
More information about the syslog-ng
mailing list