[syslog-ng] cisco templates

ciprian niculescu cnicules at gmail.com
Tue Jul 30 18:35:16 UTC 2019


I'm building a syslog relay to collect and duplicate the flows to
multiple destinations,
but the relayed messages are strange looking.
My sources are Cisco network devices (Catalyst, Nexus, ASA) and I want
to relay to SolarWinds, Splunk and a linux-syslog for archiving.

I searched the net for a template but found none.
What I got so far is that the Catalyst is sending in syslog BSD
format, but with the relay configured to source BSD and destination
BSD, the end message is different (the date is doubled, the relay adds
its IP).

Any help is appreciated.



