On Wed, Jun 23, 2010 at 01:43:30PM -0400, Scott T. Cameron wrote:
> I'd recommend you not rely on Juniper to do this but instead do it
> yourself. If you output the entire contents of syslog to a syslog-ng
> server, you can do all of the intelligent filtering you need on the
> server end.

I did it in PHP, but the concept is the same. If it saves anyone else
some time, here is how to parse a Juniper syslog message (using some
hard-coded assumptions of microseconds, explicit-priority, and UTC):

    /* $parse[1] is the priority, [2] the timestamp, [3] the process,
       [4] the %-prefixed event tag, [5] the message text. */
    preg_match('/^<([^\ ]+)>([A-Za-z]{3} [0-9]{1,2} .{8}) (.*): %([^\ ]+): (.*)$/',
               $input, $parse);

    /* The timestamp is assumed to be UTC. */
    $timestamp = strtotime(substr($parse[2], 0, 15) . " UTC");
    $msg['timestamp'] = date("Y-m-d H:i:s", $timestamp);
    $msg['process'] = $parse[3];
    $msg['fsevent'] = $parse[4];
    $msg['message'] = $parse[5];

    /* Warning: logical-router messages are sometimes randomly backwards */
    if ($msg['process'] == "searchforyourlrnameshere") {
        $msg['logical-router'] = "yourlrname";
        $process = explode(":", $msg['message'], 2);
        $msg['process'] = $process[0];
        $msg['message'] = $process[1];
    } else if (strpos($msg['process'], ":") !== false) {
        /* strpos() takes (haystack, needle) and returns 0 for a match at
           offset 0, so compare against false explicitly. */
        $process = explode(":", $msg['process'], 2);
        $msg['logical-router'] = $process[0];
        $msg['process'] = $process[1];
    }

> Personally, I'd rather Juniper focus on fixing bugs for my SRX. :)

You don't know suffering until you've put the wife's Internet connection
behind a buggy SRX. :)

-- 
Richard A Steenbergen <r...@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)