Re: [ossec-list] OSSEC parse rfc3164 / BSD format log files

Wed, 15 Feb 2017 12:22:20 -0800 

rsyslogd  7.4.4-1ubuntu2.6   (Ubuntu 14.04)

rsyslogd 7.4.4, compiled with:
    FEATURE_REGEXP:                Yes
    FEATURE_LARGEFILE:            No
    GSSAPI Kerberos 5 support:        Yes
    FEATURE_DEBUG (debug build, slow code):    No
    32bit Atomic operations supported:    Yes
    64bit Atomic operations supported:    Yes
    Runtime Instrumentation (slow code):    No
    uuid support:                Yes



On Wed, Feb 15, 2017 at 2:59 PM, dan (ddp) <ddp...@gmail.com> wrote:

> On Wed, Feb 15, 2017 at 1:03 PM, Ralph Durkee <ralph.dur...@gmail.com>
> wrote:
> > I'm surprised I'm not finding a quick answer to this one in my searches,
> so
> > hopefully this will be quick.
> > OSSEC is not parsing log files with a priority prefix, in the rfc3164 /
> BSD
> > format.  The prematch fails. For example
> >
> > <13>Feb 15 12:59:01 hostname progname: message here
> >
> > ossec-logtest decode doesn't even find a host name or a program name.  If
> > the prefix is manually removed it's parsed just fine of course. Given the
> > prefix is a standard format it would seem that there must be a simple
> means
> > to get the prematch to work correctly.
> >
>
> Most syslogds seem to strip this off the logs they write to disk.Which
> daemon are you using?
>
> > Thanks
> > -- Ralph
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google Groups
> > "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to ossec-list+unsubscr...@googlegroups.com.
> > For more options, visit https://groups.google.com/d/optout.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to