On 2015-02-13 10:24 AM, David Lang wrote:
On Thu, 12 Feb 2015, James Lay wrote:
I am curios: can you let me know how the format looks now?
Rainer
You bet....here's what is working now:
Feb 12 00:03:03 x.x.x.x "[12/Feb/2015: 00:03:04 -0700]" x.x.x.x - -
TCP_DENIED DENIED 407 GET
http://www.google-analytics.com/analytics.js -
- "Web Ads/Analytics"#015
What's new is the additional timestamp in quotes...that and the
#015....I didn't see the #015 using syslog-ng, so I think it's how
rsyslog interprets what's being sent, but I'm not good enough with
rsyslog to know how to fix it yet. Thanks Rainer.
the #015 is a control character that's being escaped (I sent a mail
to the list yesterday going into details on that) #015 is a carriage
return, which means that the thing sending the logs is sending them
is
DOS cr/lf line endings instead of the syslog spec lf (aka newline)
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST
if you DON'T LIKE THAT.
Thanks David....yea I've just adjusted my monitoring/reporting
scripts...just gonna drive on and not worry about them :) As always,
thanks so much for your responses and help.
James
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
