[Lognorm] Cisco %SNMP-3-AUTHFAIL:
david at lang.hm
david at lang.hm
Wed Jan 19 00:47:00 CET 2011
you would need to escape the % in front of %SNMP, that's probably throwing
off the parser.
I don't know how you would actually _do_ that though.
David Lang
-------------- next part --------------
How does liblognorm deal with something like this:
1w3d: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 192.168.0.1
I'm wondering if the %SNMP-3-AUTHFAIL will cause problems. For
example, this rule:
rule=: %uptime:word% %authfail:word% Authentication failure for SNMP req from host %src-ip:ipv4%
Works fine. This one:
rule=: %uptime:word% %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host %src-ip:ipv4%
Does not.
Normalize output: [cee at 115 originalmsg=" 1w3d: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 66.177.167.194" unparsed-data="Authentication failure for SNMP req from host 66.177.167.194"]
--
Champ Clark III | Softwink, Inc | 800-538-9357 x 101
http://www.softwink.com
GPG Key ID: 58A2A58F
Key fingerprint = 7734 2A1C 007D 581E BDF7 6AD5 0F1F 655F 58A2 A58F
If it wasn't for C, we'd be using BASI, PASAL and OBOL.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.adiscon.net/pipermail/lognorm/attachments/20110118/db75ef2e/attachment.pgp>
-------------- next part --------------
_______________________________________________
Lognorm mailing list
Lognorm at lists.adiscon.com
http://lists.adiscon.net/mailman/listinfo/lognorm
More information about the Lognorm
mailing list