On Wed, Jun 23, 2010 at 01:43:30PM -0400, Scott T. Cameron wrote:
> I'd recommend you not rely on Juniper to do this but instead do it
> yourself. If you output the entire contents of syslog to a syslog-ng
> server, you can do all of the intelligent filtering you need on the 
> server end.

I did it in PHP, but the concept is the same. If it saves anyone else
some time, here is how to parse a Juniper syslog message (using some
hard-coded assumptions of microseconds, explicit-priority, and UTC):

/* $parse: 1 = priority, 2 = timestamp, 3 = process, 4 = fsevent, 5 = message */
preg_match('/^<([^ ]+)>([A-Za-z]{3} [0-9]{1,2} .{8}) (.*): %([^ ]+): (.*)$/', $input, $parse);

$timestamp              = strtotime(substr($parse[2], 0, 15) . " UTC");
$msg['timestamp']       = date("Y-m-d H:i:s", $timestamp);
$msg['process']         = $parse[3];
$msg['fsevent']         = $parse[4];
$msg['message']         = $parse[5];

/* Warning: logical-router messages are sometimes randomly backwards */
if ($msg['process'] == "searchforyourlrnameshere") {
        $msg['logical-router']  = "yourlrname";
        $process                = explode(":", $msg['message'], 2);
        $msg['process']         = $process[0];
        $msg['message']         = $process[1];
} else if (strpos($msg['process'], ":") !== false) {
        $process                = explode(":", $msg['process'], 2);
        $msg['logical-router']  = $process[0];
        $msg['process']         = $process[1];
}


> Personally, I'd rather Juniper focus on fixing bugs for my SRX. :)

You don't know suffering until you've put the wife's Internet connection 
behind a buggy SRX. :)

-- 
Richard A Steenbergen <r...@e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
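
An added example, not part of the original post: the same parsing idea in Python, extended to decode the priority value into facility and severity and to return None for lines that do not match instead of indexing into an empty result. The function name, the `lr_names` parameter, the sample lines and the FACILITY-SEVERITY-TAG split of the fsevent field are assumptions made for this example.

```python
import re
from datetime import datetime, timezone

# Layout the post's pattern assumes: <PRI>Mon DD HH:MM:SS process: %fsevent: message
LINE_RE = re.compile(
    r"^<(\d{1,3})>([A-Za-z]{3} +\d{1,2} \d{2}:\d{2}:\d{2})\S* (.*?): %(\S+): (.*)$"
)

def parse_junos_line(line, year, lr_names=()):
    """Return a dict of fields, or None on no match. The stamp carries no year."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None  # never index into a failed match
    pri, stamp, process, fsevent, message = m.groups()
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    msg = {
        "timestamp": ts.replace(tzinfo=timezone.utc).isoformat(),
        "facility": int(pri) >> 3,   # PRI = facility * 8 + severity
        "severity": int(pri) & 7,
        "fsevent": fsevent,
        "logical-router": None,
    }
    # Assumption: fsevent reads FACILITY-SEVERITY-TAG; the tag may be absent.
    parts = fsevent.split("-", 2)
    msg["tag"] = parts[2] if len(parts) == 3 else None
    if process in lr_names and ":" in message:
        # "Backwards" case from the post: the LR name sits where the process
        # belongs and the real process leads the message text.
        msg["logical-router"] = process
        process, message = (s.strip() for s in message.split(":", 1))
    elif ":" in process:
        msg["logical-router"], process = process.split(":", 1)
    msg["process"], msg["message"] = process, message
    return msg

# Constructed sample lines, not captured from a device.
SAMPLES = [
    "<28>Jun 23 13:43:30 rpd[1234]: %DAEMON-4-EXAMPLE_TAG: constructed text",
    "<28>Jun 23 13:43:30 lr1:rpd[1234]: %DAEMON-4-EXAMPLE_TAG: constructed text",
    "<28>Jun 23 13:43:30 lr1: %DAEMON-4-EXAMPLE_TAG: rpd[1234]: constructed text",
    "not a syslog line",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_junos_line(s, 2010, lr_names={"lr1"}))
```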
