rsyslogd 7.4.4-1ubuntu2.6 (Ubuntu 14.04)

rsyslogd 7.4.4, compiled with:
    FEATURE_REGEXP:                           Yes
    FEATURE_LARGEFILE:                        No
    GSSAPI Kerberos 5 support:                Yes
    FEATURE_DEBUG (debug build, slow code):   No
    32bit Atomic operations supported:        Yes
    64bit Atomic operations supported:        Yes
    Runtime Instrumentation (slow code):      No
    uuid support:                             Yes

On Wed, Feb 15, 2017 at 2:59 PM, dan (ddp) <ddp...@gmail.com> wrote:

> On Wed, Feb 15, 2017 at 1:03 PM, Ralph Durkee <ralph.dur...@gmail.com> wrote:
> > I'm surprised I'm not finding a quick answer to this one in my searches, so
> > hopefully this will be quick.
> > OSSEC is not parsing log files with a priority prefix, in the rfc3164 / BSD
> > format. The prematch fails. For example
> >
> > <13>Feb 15 12:59:01 hostname progname: message here
> >
> > ossec-logtest decode doesn't even find a host name or a program name. If
> > the prefix is manually removed it's parsed just fine of course. Given the
> > prefix is a standard format it would seem that there must be a simple means
> > to get the prematch to work correctly.
> >
>
> Most syslogds seem to strip this off the logs they write to disk. Which
> daemon are you using?
>
> > Thanks
> > -- Ralph

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
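
Added example, not code from the thread participants or from OSSEC: a small Python pre-filter that recognizes the RFC 3164 `<PRI>` prefix discussed above, decodes it into facility and severity, and returns the line with the prefix stripped, the form the thread says decodes correctly. The function names and the header regex are assumptions made for this illustration; the sample line is the one quoted in the thread.

```python
import re

# RFC 3164 PRI: "<", 1-3 digits, ">" at the start of the line.
# The value encodes facility * 8 + severity.
PRI_RE = re.compile(r"^<(\d{1,3})>")
# BSD syslog header after the PRI: "Mmm dd hh:mm:ss host tag[pid]: message"
HEADER_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>\S+) "
    r"(?P<program>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<message>.*)$"
)
SEVERITIES = ("emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug")
FACILITIES = ("kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit",
              "alert", "clock") + tuple("local%d" % i for i in range(8))


def split_pri(line):
    """Return (pri, rest). pri is None when no valid prefix is present."""
    m = PRI_RE.match(line)
    if not m:
        return None, line
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI value
        return None, line
    return pri, line[m.end():]


def parse(line):
    """Parse one syslog line, with or without a PRI prefix."""
    pri, rest = split_pri(line.rstrip("\n"))
    m = HEADER_RE.match(rest)
    if not m:
        return None
    fields = m.groupdict()
    fields["stripped"] = rest  # line without the <PRI> prefix
    fields["facility"] = FACILITIES[pri >> 3] if pri is not None else None
    fields["severity"] = SEVERITIES[pri & 7] if pri is not None else None
    return fields


if __name__ == "__main__":
    # Sample line quoted in the thread.
    print(parse("<13>Feb 15 12:59:01 hostname progname: message here"))
```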