Hi All,

I'm currently using syslog-ng to resolve an issue where, when this specific
device sends its syslog msgs, there will be multiple messages in the packet.


With syslog-ng PE I have the following input:
source s_net { network(ip("0.0.0.0") port("514") transport("tcp")
multi-line-prefix("^<[0-9]{2}>(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)")
flags(validate-utf8)); };


This splits the packet into 2 or 3 messages depending on the starting
delimiter, and I'm wondering if rsyslog would be able to do the same before
hitting omfile.

Example of a payload (tcpdump):
START OF PACKET
Timestamp ip header etc....
<11> May 07 18:00:01 HOST XXXXXXXXXXX
<13> May 07 18:00:01 HOST YYYYYYYYYYYY
END OF PACKET



Any help would be appreciated.

Sincerely,
                 Michael
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.
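
The prefix-based splitting described in the post, as an added example (not part of the original post, and not rsyslog or syslog-ng code): a reassembler that cuts a TCP byte stream at the post's prefix regex, including when a segment boundary falls inside a prefix. The optional space after the PRI, the class and function names, and the third sample message are assumptions constructed for illustration.

```python
import re

MONTHS = rb"Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec"
# Prefix taken from the post's multi-line-prefix. The optional space after the
# PRI is an assumption, added so the pattern also matches the sample payload.
PREFIX = re.compile(rb"^<[0-9]{2}> ?(?:" + MONTHS + rb")", re.MULTILINE)


class PrefixSplitter:
    """Reassemble a TCP byte stream into messages that each start at PREFIX."""

    def __init__(self):
        self.buf = b""

    def feed(self, chunk):
        """Buffer one recv() result and return the messages it completed."""
        self.buf += chunk
        # Rescan the whole buffer so a prefix cut in half by a segment
        # boundary is recognised once its second half arrives.
        starts = [m.start() for m in PREFIX.finditer(self.buf)]
        if len(starts) < 2:
            return []  # the only message seen so far may still be growing
        # A message ends where the next prefix begins. Bytes ahead of the
        # very first prefix cannot be framed and are discarded.
        done = [self.buf[a:b].rstrip(b"\r\n") for a, b in zip(starts, starts[1:])]
        self.buf = self.buf[starts[-1]:]
        return done

    def flush(self):
        """Call at connection close to emit whatever is still buffered."""
        last, self.buf = self.buf.rstrip(b"\r\n"), b""
        return [last] if last else []


def demo():
    # Constructed input: the two messages from the post plus one invented
    # message, delivered in segments that cut through the second prefix.
    segments = [
        b"<11> May 07 18:00:01 HOST XXXXXXXXXXX\n<1",
        b"3> May 07 18:00:01 HOST YYYYYYYYYYYY\n",
        b"<14> May 07 18:00:02 HOST ZZZZ\n",
    ]
    splitter, messages = PrefixSplitter(), []
    for seg in segments:
        messages += splitter.feed(seg)
    return messages + splitter.flush()


if __name__ == "__main__":
    for msg in demo():
        print(msg.decode())
```

The last message is only released by `flush()`, because on a prefix-delimited stream the end of a message is not known until the next prefix or the connection close arrives.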
