MonitorWare Knowledge Base

Your first source for knowledge

Skip to content

Problem with netsceen log

This is the place for you, if you got rsyslog up and running but wonder how to make it do what you want.

Moderator: rgerhards

Post a reply

Problem with netsceen log

Postby hkcky on Wed Nov 21, 2007 10:00 am

Hi, I have tried rsyslog today. It is working great while log the Linux machines. But I am facing a serious problems while it log the Netscreen firewall log. It was installed in a Debian Etch.

The log of the netscreen in the /var/log/syslog was not in well format. It cannot know the delimit each record from netscreen.

I would like to know which article can teach me how to set the delimiter. It will be good if there is a example too.

Thank you very much. :)
hkcky
New
 
Posts: 3
Joined: Wed Nov 21, 2007 9:43 am
Top

RE: Problem with netsceen log

Postby rgerhards on Wed Nov 21, 2007 10:00 am

Do you have an example of the netscreen format you receive? I need both the raw format as well as what rsyslog parses out of it ;)

Rainer
User avatar
rgerhards
Site Admin
 
Posts: 1282
Joined: Thu Feb 13, 2003 11:57 am
Top

Postby hkcky on Thu Nov 22, 2007 11:11 am

Thanks for reply.

Actually, problem can be fixed when I set the netscreen from using tcp to udp to export the log.

The previous log is that each record is combined together with a tag. Rsyslog is split it every 2047 char.
hkcky
New
 
Posts: 3
Joined: Wed Nov 21, 2007 9:43 am
Top

Postby rgerhards on Thu Nov 22, 2007 12:02 pm

That sounds like a bug in Netscreen. They seem not to use the usual terminator (LF). Anyhow, I am glad you found a solution.

Rainer
User avatar
rgerhards
Site Admin
 
Posts: 1282
Joined: Thu Feb 13, 2003 11:57 am
Top

Google Ads

Post a reply

Return to Configuration

Who is online

Users browsing this forum: No registered users and 0 guests

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
phpBB SEO

Time : 2.043s | 15 Queries | GZIP : On
cron