Log entries on this rsyslog server are coming from multiple
(non-rsyslog) remote hosts, including Linux boxen with classic sysklogd,
Cisco routers, & Windows machines. It's all kinds of messy... Given some
of the following examples, can anyone offer thoughts on how these
messages could be cleaned up on the rsyslog side?

At the very least, could we do anything to make it so the duplicate
timestamps don't show up for some messages?

Thanks for your time.

Oct 17 09:42:55 Oct 17 2012 13:42:55 10.0.0.200 : %ASA-6-106100:
access-list host-25 permitted tcp host-25/10.0.0.25(3203) ->
untrust-v2108/10.0.0.30(6060)...

Oct 17 09:42:55 host-41 /12 13:42:54 [issue_cmd ]
RESULT:#012#01210/17/12 13:42:54 [issue_cmd ] PING 10.0.0.20
(10.0.0.20): 56 data bytes#012#01210/17/12 13:42:54 [issue_cmd
] 64 bytes from 10

Oct 17 13:42:55 host-41 Vpxa:

Oct 17 13:42:55 host-41 Vpxa: [2012-10-17 13:42:55.030 12345ABC verbose
'App'] [VpxaVMAP::Invoke] Command returned successfully

Oct 17 09:29:52 host-99 #012#01210/17/12 13:29:51 [print_args
] PWD=/var/log/vmware/vpx#012#01210/17/12 13:29:51
[print_args ] PS_OPTIONS=#012#01210/17/12 13:29:51
[print_args ] FT_N

Oct 17 09:30:04 host86.example.com
MSWinEventLog#0110#011Security#00000000#011Wed Oct 17 09:30:03
2012#0000000#011Microsoft-Windows-Security-Auditing#011EXAMPLE\host86$#011N/A#011Success
Audit#011host86.example.com#011Proces

Oct 17 09:29:57 10.0.0.100 1234567: Oct 17 13:29:56.474 UTC:
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/31,
changed state to down
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
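An added example, not part of the original post and not rsyslog configuration: a Python post-processing sketch that separates the receive-time stamp from the device's own embedded timestamp in the two Cisco layouts shown above, and splits messages on the #012 (LF) escapes without ever re-emitting raw control characters. The three header layouts are inferred only from the samples in this post, the #NNN sequences are assumed to be rsyslog's octal escaping of received control characters, and all function and constant names are hypothetical.

```python
import re

TS = r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d"   # e.g. "Oct 17 09:42:55"

# Tried in order; layouts are inferred from the samples in the post.
PATTERNS = [
    # ASA style: receive time, device time (with year), host, " : ", message
    re.compile(rf"^(?P<received>{TS}) (?P<device_time>[A-Z][a-z]{{2}} [ \d]\d \d{{4}} "
               rf"\d\d:\d\d:\d\d) (?P<host>\S+) : (?P<msg>.*)$"),
    # IOS style: receive time, host, sequence number, device time, message
    re.compile(rf"^(?P<received>{TS}) (?P<host>\S+) \d+: "
               rf"(?P<device_time>{TS}(?:\.\d+)?(?: [A-Z]+)?): (?P<msg>.*)$"),
    # Everything else: receive time, host, message
    re.compile(rf"^(?P<received>{TS}) (?P<host>\S+) (?P<msg>.*)$"),
]

CTRL = re.compile(r"#0[0-3][0-7]")   # escaped control characters, octal 000-037

def split_escaped(msg):
    """Split on escaped LF (#012); other escaped control chars become a space.

    Raw control characters are never written back out, so a sender cannot
    use an embedded newline to forge an extra log record downstream.
    """
    parts = []
    for chunk in msg.split("#012"):
        chunk = CTRL.sub(" ", chunk).strip()
        if chunk:
            parts.append(chunk)
    return parts

def normalize(line):
    """Return received/device_time/host/msg for one unwrapped log line, or None."""
    for pat in PATTERNS:
        m = pat.match(line)
        if m:
            rec = m.groupdict()
            rec.setdefault("device_time", None)   # generic layout has none
            rec["msg"] = split_escaped(rec["msg"])
            return rec
    return None

# Constructed from the samples in the post, with the e-mail line wraps removed.
ASA = "Oct 17 09:42:55 Oct 17 2012 13:42:55 10.0.0.200 : %ASA-6-106100: access-list host-25 permitted tcp"
IOS = ("Oct 17 09:29:57 10.0.0.100 1234567: Oct 17 13:29:56.474 UTC: "
       "%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/31, changed state to down")
VPX = ("Oct 17 09:29:52 host-99 #012#01210/17/12 13:29:51 [print_args ] PWD=/var/log/vmware/vpx"
       "#012#01210/17/12 13:29:51 [print_args ] PS_OPTIONS=")

if __name__ == "__main__":
    for sample in (ASA, IOS, VPX):
        print(normalize(sample))
```

Keeping both timestamps as separate fields, rather than discarding one, preserves the clock difference between sender and collector that is visible in the samples.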