[syslog-ng] Undesirable behavior from Cisco parser?

Nik Ambrosch nik at ambrosch.com
Fri Sep 7 16:00:43 UTC 2018

Recently I upgraded my centralized loghost from 3.9 -> 3.15 and I noticed
that some of my cisco devices started being logged in an undesirable
format... I don't want to enable the cisco parser because more than just
cisco messages get delivered to this interface.  Here are the relevant
fields that have changed before/after the upgrade:

syslog-ng 3.9, before upgrade ---
    ${FULLHOST}: "mydevice.com"
    ${PROGRAM}: ""
    message: "%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has
invalid spi for..."

syslog-ng 3.15, before upgrade ---
    ${FULLHOST}: ":"
    ${MSG}: "decaps: rec'd IPSEC packet has invalid spi for..."

Is this unintended behavior or a bug?  This particular device is a Cisco
3845 running ios 12.4(22)T4.

Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20180907/c9780115/attachment.html>

More information about the syslog-ng mailing list