[opennms-devel] Syslogd issue

Paul G. Manno Fri, 11 Mar 2011 11:13:51 -0800

Hello,

First some bookkeeping:
Version:


1.9.6

Server Time:

Fri Mar 11 12:50:22 CST 2011

Client Time:

Fri Mar 11 12:48:36 CST 2011

Java Version:

1.6.0_24 Sun Microsystems Inc.

Java Virtual Machine:

19.1-b02 Sun Microsystems Inc.

Operating System:

Linux 2.6.18-194.3.1.el5 (amd64)

Servlet Container:

jetty/6.1.24 (Servlet Spec 2.5)

User Agent:

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)



Now the issue:

Trying to convert syslog messages from a SonicWall firewall.  Messages are 
getting to the server (I've turned on the server's syslogd and enabled it for 
receiving).  This is what I see in /var/log/messages (I've substituted X for 
sensitive info like IP and SerialNumber):
Mar 11 12:43:57 10.5.0.1 id=firewall sn=XXXXXXXXXXXX time="2011-03-11 12:43:57" 
fw=XX.XX.XX.XX pri=5 c=256 m=38 msg="ICMP packet dropped due to policy" n=10906 
src=XX.XX.XX.XX:3:X1:somehost.com dst=XX.XX.XX.XX:3:X1:  type=3 code=1

When I turn off the CentOS syslogd and turn on the OpenNMS syslogd, I see this:
2011-03-11 12:35:16,207 DEBUG [SyslogConnection] CustomSyslogParser: Unable to 
parse date 'null' from text: <133>id=firewall sn=XXXXXXXXXXXX time="2011-03-11 
12:43:57" fw=XX.XX.XX.XX pri=5 c=256 m=38 msg="ICMP packet dropped due to 
policy" n=10906 src=XX.XX.XX.XX:3:X1:somehost.com dst=XX.XX.XX.XX:3:X1:  type=3 
code=1

I don't know where the "<133>" is coming from, but it's blowing up the 
CustomSyslogParser because it's causing a match to the 
CustomSyslogParser.m_syslogPattern where it shouldn't and it's throwing the 
exception.  Any ideas where the <133> string that is prepended to the actual 
message could be coming from?

Thanks,
Paul

------------------------------------------------------------------------------
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d

_______________________________________________
Please read the OpenNMS Mailing List FAQ:
http://www.opennms.org/index.php/Mailing_List_FAQ

opennms-devel mailing list

To *unsubscribe* or change your subscription options, see the bottom of this 
page:
https://lists.sourceforge.net/lists/listinfo/opennms-devel

[opennms-devel] Syslogd issue

Reply via email to