Hi,
I have a Speedtouch router that produces firewall events whose PRI value
is <84> (auth.notice, according to RFC3164). I have a script that
retrieves events from the router via Telnet, and passes them on to
rsyslog via UDP.
The firewall events with PRI=<84> are dropped. If I modify the script so
that they are submitted to rsyslog with a PRI of <36> (facility changed
from 10 to 4), they are logged. They are also logged if the facility is
13 ("audit"?).
According to RFC3614, facilities numbers 4 and 10 are both "auth". I
haven't inspected the source, but I suspect that rsyslog doesn't like
facility number 10, and is ignoring it. Is this a correct
interpretation? Why should it object to this facility in particular?
Regards,
--
Jack.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
