On Thu, 12 Feb 2015, James Lay wrote:
I am curious: can you let me know how the format looks now?
Rainer
You bet....here's what is working now:
Feb 12 00:03:03 x.x.x.x "[12/Feb/2015: 00:03:04 -0700]" x.x.x.x - -
TCP_DENIED DENIED 407 GET http://www.google-analytics.com/analytics.js -
- "Web Ads/Analytics"#015
What's new is the additional timestamp in quotes...that and the
#015....I didn't see the #015 using syslog-ng, so I think it's how
rsyslog interprets what's being sent, but I'm not good enough with
rsyslog to know how to fix it yet. Thanks Rainer.
the #015 is a control character that's being escaped (I sent a mail to the list
yesterday going into details on that) #015 is a carriage return, which means
that the thing sending the logs is sending them with DOS cr/lf line endings
instead of the syslog spec lf (aka newline)
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
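The escaping discussed in this thread, as an added example that is not part of the original messages or of rsyslog itself: a small Python normalizer that strips the escaped CR/LF a CRLF sender leaves at the end of a record and reports any escaped control character found elsewhere in it. It assumes the escape form seen in the sample above ("#" followed by a three-digit octal code); the function names and the second sample line are constructed for illustration.

```python
import re

# Assumed escape form, taken from the sample in the thread: '#' followed by
# the control character's three-digit octal code (CR = 015, LF = 012).
ESCAPE = re.compile(r"#(0[0-3][0-7]|177)")   # octal 000-037 and DEL (177)
TRAILING_EOL = re.compile(r"(?:#015|#012)+$")


def normalize(line):
    """Return (cleaned, had_escaped_eol, embedded) for one log record.

    An escaped CR/LF at the very end is a line-ending artifact and is removed.
    Escapes anywhere else are left in place and reported as (offset, code):
    an escaped newline inside a message is what an attempt to forge an extra
    log record looks like after escaping, so it should be reviewed rather
    than silently dropped. A literal "#015" typed into a message looks the
    same, so these hits are leads, not proof.
    """
    cleaned, count = TRAILING_EOL.subn("", line.rstrip("\r\n"))
    embedded = [(m.start(), int(m.group(1), 8))
                for m in ESCAPE.finditer(cleaned)]
    return cleaned, count > 0, embedded


# The record quoted in the thread, joined back onto one line.
SAMPLE = ('Feb 12 00:03:03 x.x.x.x "[12/Feb/2015: 00:03:04 -0700]" x.x.x.x '
          '- - TCP_DENIED DENIED 407 GET '
          'http://www.google-analytics.com/analytics.js - - '
          '"Web Ads/Analytics"#015')

# Constructed record: an escaped LF in the middle of the message body.
CONSTRUCTED = 'GET /a#012Feb 12 00:00:00 host fake entry#015'

if __name__ == "__main__":
    for record in (SAMPLE, CONSTRUCTED):
        cleaned, had_eol, embedded = normalize(record)
        print(cleaned)
        print("  escaped line ending removed:", had_eol)
        for offset, code in embedded:
            print("  embedded control character 0x%02x at offset %d"
                  % (code, offset))
```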