On Fri, 16 May 2014, Rainer Gerhards wrote: > Also, I don't think that ASA-3-611101 is part of the message, I think it's > going > to be the syslogtag > write a log with the RSYSLOG_DebugFormat template to check > also, putting - before the destination has no effect in rsyslog.
Thanks! That seems to be the thing. I found these lines in the debug-log: syslogtag '%ASA-3-611101:', programname: '%ASA-3-611101', APP-NAME: '%ASA-3-611101', PROCID: '', MSGID: '-', inputname: imudp rawmsg: '<163>May 19 2014 09:55:33: %ASA-3-611101: User authentication succeeded: Uname: eivind' syslogtag '%ASA-3-611101:', programname: '%ASA-3-611101', APP-NAME: '%ASA-3-611101', PROCID: '', MSGID: '-', inputname: imudp rawmsg: '<163>May 19 2014 09:55:33: %ASA-3-611101: User authentication succeeded: Uname: eivind' I'm now able to filter the logs as intended. Thanks! :) Regards Eivind Olsen _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
