Hello list, I have a couple cisco routers sending sip message debug information to an rsyslog server running on Centos 6.5.
I've setup the following template to separate out the logging files: $template DynaFile,"/var/log/%HOSTNAME%.log" *.* -?DynaFile $template MsgFormat,"%msg%\n" if $fromhost-ip == '10.0.250.4' then -?DynaFile;MsgFormat if $fromhost-ip == '10.1.1.6' then -?DynaFile;MsgFormat With these templates the output from the router is formatted as such (note date/timestamp/hostname): Apr 11 14:17:28 10.0.250.4 : //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg: Apr 11 14:17:28 10.0.250.4 : Received: Apr 11 14:17:28 10.0.250.4 : INVITE sip:[email protected]:5060SIP/2.0#015 Apr 11 14:17:28 10.0.250.4 : Via: SIP/2.0/TCP 10.0.6.30:5060 ;branch=z9hG4bK371ba1ab73caa#015 Apr 11 14:17:28 10.0.250.4 : From: "User Name" <sip:[email protected] >;tag=319318~d732e07f-799a-4d2b-9d6a-ae2aaf54507d-19889474#015 Apr 11 14:17:28 10.0.250.4 : To: <sip:[email protected]>#015 Apr 11 14:17:28 10.0.250.4 : Date: Fri, 11 Apr 2014 18:18:12 GMT#015 Apr 11 14:17:28 10.0.250.4 : Call-ID: [email protected]#015 Apr 11 14:17:28 10.0.250.4 : Supported: timer,resource-priority,replaces#015 Apr 11 14:17:28 10.0.250.4 : Min-SE: 1800#015 Apr 11 14:17:28 10.0.250.4 : User-Agent: Cisco-CUCM9.1#015 Apr 11 14:17:28 10.0.250.4 : Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY#015 Apr 11 14:17:28 10.0.250.4 : CSeq: 101 INVITE#015 Apr 11 14:17:28 10.0.250.4 : Expires: 180#015 Apr 11 14:17:28 10.0.250.4 : Allow-Events: presence#015 Apr 11 14:17:28 10.0.250.4 : Supported: X-cisco-srtp-fallback,X-cisco-original-called#015 Apr 11 14:17:28 10.0.250.4 : Cisco-Guid: 2734542720-0000065536-0000042552-0503709706#015 Apr 11 14:17:28 10.0.250.4 : Session-Expires: 1800#015 Apr 11 14:17:28 10.0.250.4 : P-Asserted-Identity: "User Name" < sip:[email protected]>#015 Apr 11 14:17:28 10.0.250.4 : Remote-Party-ID: "User Name" < sip:[email protected]>;party=calling;screen=yes;privacy=off#015 Received: INVITE sip:[email protected]:5060 SIP/2.0#015 Via: SIP/2.0/TCP 10.0.6.30:5060;branch=z9hG4bK371ba1ab73caa#015 From: "User Name" <sip:[email protected] >;tag=319318~d732e07f-799a-4d2b-9d6a-ae2aaf54507d-19889474#015 To: <sip:[email protected]>#015 Date: Fri, 11 Apr 2014 18:18:12 GMT#015 Call-ID: [email protected]#015 Supported: timer,resource-priority,replaces#015 Min-SE: 1800#015 User-Agent: Cisco-CUCM9.1#015 Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY#015 CSeq: 101 INVITE#015 Expires: 180#015 Allow-Events: presence#015 Supported: X-cisco-srtp-fallback,X-cisco-original-called#015 Cisco-Guid: 2734542720-0000065536-0000042552-0503709706#015 Session-Expires: 1800#015 P-Asserted-Identity: "User Name" <sip:[email protected]>#015 Remote-Party-ID: "User Name" <sip:[email protected] >;party=calling;screen=yes;privacy=off#015 Apr 11 14:17:28 10.0.250.4 : Contact: <sip:[email protected]:5060 ;transport=tcp>#015 Apr 11 14:17:28 10.0.250.4 : Max-Forwards: 70#015 Apr 11 14:17:28 10.0.250.4 : Content-Length: 0#015 Apr 11 14:17:28 10.0.250.4 : #015 Apr 11 14:17:28 10.0.250.4 : //6161/A2FDCF800000/SIP/Msg/ccsipDisplayMsg: And I want it to look like this (no date/timestamp/hostname): //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg: Received: INVITE sip:[email protected]:5060 SIP/2.0#015 Via: SIP/2.0/TCP 10.0.6.30:5060;branch=z9hG4bK371ba1ab73caa#015 From: "User Name" <sip:[email protected] >;tag=319318~d732e07f-799a-4d2b-9d6a-ae2aaf54507d-19889474#015 To: <sip:[email protected]>#015 Date: Fri, 11 Apr 2014 18:18:12 GMT#015 Call-ID: [email protected]#015 Supported: timer,resource-priority,replaces#015 Min-SE: 1800#015 User-Agent: Cisco-CUCM9.1#015 Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY#015 CSeq: 101 INVITE#015 Expires: 180#015 Allow-Events: presence#015 Supported: X-cisco-srtp-fallback,X-cisco-original-called#015 Cisco-Guid: 2734542720-0000065536-0000042552-0503709706#015 Session-Expires: 1800#015 P-Asserted-Identity: "User Name" <sip:[email protected]>#015 Remote-Party-ID: "User Name" <sip:[email protected] >;party=calling;screen=yes;privacy=off#015 Received: INVITE sip:[email protected]:5060 SIP/2.0#015 Via: SIP/2.0/TCP 10.0.6.30:5060;branch=z9hG4bK371ba1ab73caa#015 From: "User Name" <sip:[email protected] >;tag=319318~d732e07f-799a-4d2b-9d6a-ae2aaf54507d-19889474#015 To: <sip:[email protected]>#015 Date: Fri, 11 Apr 2014 18:18:12 GMT#015 Call-ID: [email protected]#015 Supported: timer,resource-priority,replaces#015 Min-SE: 1800#015 User-Agent: Cisco-CUCM9.1#015 Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY#015 CSeq: 101 INVITE#015 Expires: 180#015 Allow-Events: presence#015 Supported: X-cisco-srtp-fallback,X-cisco-original-called#015 Cisco-Guid: 2734542720-0000065536-0000042552-0503709706#015 Session-Expires: 1800#015 P-Asserted-Identity: "User Name" <sip:[email protected]>#015 Remote-Party-ID: "User Name" <sip:[email protected] >;party=calling;screen=yes;privacy=off#015 Contact: <sip:[email protected]:5060;transport=tcp>#015 Max-Forwards: 70#015 Content-Length: 0#015 #015 //6161/A2FDCF800000/SIP/Msg/ccsipDisplayMsg: >From what I've read $template MsgFormat,"%msg%\n" should work, so I'm a bit confused. If I comment out #$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat the formatting is: 2014-04-11T14:25:20.296816-04:00 10.0.250.4 : a=rtpmap:0 PCMU/8000#015 2014-04-11T14:25:20.296816-04:00 10.0.250.4 : a=ptime:20#015 2014-04-11T14:25:20.296816-04:00 10.0.250.4 : a=rtpmap:101 telephone-event/8000#015 2014-04-11T14:25:20.296816-04:00 10.0.250.4 : a=fmtp:101 0-15#015 So its definitely rsyslog formatting, not the client side. Any help is appreciated, thanks. *Steve* _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
