Rsyslog - Space between hour and minute

This is the place for you, if you got rsyslog up and running but wonder how to make it do what you want.

Moderator: rgerhards

Google Ads


Rsyslog - Space between hour and minute

Postby mat_b » Fri Jan 12, 2018 2:20 am

Hi,
I have recently setup a rsyslog 8.24.0 server to accept remote syslog and noticed behaviour with logs from a few devices (RSA SecurID appliance being one) that I haven't noticed before.

With the default template, rsyslog writes the syslog message like this (Note the space between the hour and minute in the message.:
Jan 11 14:44:20 2018-01-11 14: 44:20,575, random.com, audit.runtime.com.rsa.ims.authn.impl.AuthenticationBrokerImpl...


With the debug template in place it looks like this:
FROMHOST: 'random.com', fromhost-ip: '10.1.1.1', HOSTNAME: '2018-01-11', PRI: 14,
syslogtag '14:', programname: '14', APP-NAME: '14', PROCID: '-', MSGID: '-',
TIMESTAMP: 'Jan 11 14:47:21', STRUCTURED-DATA: '-',
msg: '47:21,806, random.com, audit.runtime.com.rsa.ims.authn.impl.AuthenticationBrokerImpl...


Tcpdump looks like this
15:44:01.626081 IP (tos 0x0, ttl 64, id 33579, offset 0, flags [DF], proto UDP (17), length 648)
random.com.58415 > syslog.random.com.syslog: [udp sum ok] SYSLOG, length: 620
Facility user (1), Severity info (6)
Msg: 2018-01-11 15:44:01,624, random.com, audit.runtime.com.rsa.ims.authn.impl.AuthenticationBrokerImpl...


For now I have created custom templates to put it back together however I'd like to know why it's happening.

Any help in understanding this is appreciated!
mat_b
New
 
Posts: 1
Joined: Fri Jan 12, 2018 1:42 am

Urgent Question?

  • Pulling out your Hair?
  • Wasting Time and Money?
  • Deadline Approaching?

Google Ads


Return to Configuration

Who is online

Users browsing this forum: No registered users and 1 guest

cron