[phpLogCon] Field 'host' does not display at the correct column
Joaquin Petersen
jpeters2 at wested.org
Mon Nov 13 17:40:35 CET 2017
Hi,
You may need to investigate the format in which your switch vendor produces logs. I've seen a similar condition with Aruba switches:
http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Question-about-syslog-message-format/td-p/8918
It may come down to parsing the format sent by your switch for entry into your SQL db. There may be a plugin already available, but I haven't gotten far enough to find one.
From: "luckydog xf" <luckydogxf at gmail.com>
To: phplogcon at lists.adiscon.com
Sent: Monday, November 13, 2017 2:05:50 AM
Subject: [phpLogCon] Field 'host' does not display at the correct column
Hi,
I'm running MySQL and Rsyslog to analyze Switch logs. Below is the
original log entry.
==============================
Nov 13 17:32:01 2017 AAA %%10SC/6/SC_AAA_SUCCESS(l):
-DevIP=10.10.3.241-AAAType=ACCOUNT-AAAScheme= radius-scheme
test-Service=login-UserName=h3c at system; AAA is successful.
===============================
/etc/rsyslog.conf is pretty simple:
local7.* :ommysql:127.0.0.1,Syslog,rsyslog,xxxx
===============================================
Date Facility Severity Host Syslogtag ProcessID Messagetype Message
Today 17:42:14 LOCAL7 WARNING 2017 AAA
.........
================================================
Apparently, field "Host" should be AAA, while "2017" should be the first
column. So what's the probable reason causing the problem?
Thanks a lot.
_______________________________________________
phpLogCon mailing list
http://lists.adiscon.net/mailman/listinfo/phplogcon
http://www.phplogcon.org
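Added example, not part of the original thread and not rsyslog's own parser: a simplified RFC 3164-style header split (timestamp, then HOSTNAME, then TAG) showing why a year token after the timestamp ends up in the Host column, beside a tolerant variant that folds the year back into the timestamp. The `<188>` PRI (chosen to match the LOCAL7/WARNING row above), the shortened message body and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: header of the log entry quoted in the thread, with an
# assumed <188> PRI (local7.warning) and a shortened message body.
SAMPLE = ("<188>Nov 13 17:32:01 2017 AAA %%10SC/6/SC_AAA_SUCCESS(l): "
          "-DevIP=10.10.3.241; AAA is successful.")

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG (no year field)
HEADER = re.compile(r"^<(?P<pri>\d{1,3})>"
                    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
                    r"(?P<rest>.*)$")
YEAR = re.compile(r"^(?:19|20)\d{2}$")


def parse_strict(line):
    """First token after the timestamp is taken as the host, as RFC 3164 expects."""
    m = HEADER.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    host, _, remainder = m["rest"].partition(" ")
    tag, _, msg = remainder.partition(" ")
    return {"facility": pri >> 3, "severity": pri & 7, "timestamp": m["ts"],
            "host": host, "tag": tag.rstrip(":"), "msg": msg}


def parse_tolerant(line):
    """Same split, but a bare 4-digit year after the timestamp is moved into it.

    Caveat: a device whose hostname is itself a year-like number would be
    misread, so apply this only to senders known to emit the year.
    """
    m = HEADER.match(line)
    if not m:
        return None
    first, _, remainder = m["rest"].partition(" ")
    if YEAR.match(first) and remainder:
        rec = parse_strict(f"<{m['pri']}>{m['ts']} {remainder}")
        rec["timestamp"] += " " + first
        return rec
    return parse_strict(line)


if __name__ == "__main__":
    for parser in (parse_strict, parse_tolerant):
        rec = parser(SAMPLE)
        print(parser.__name__, "host=%(host)s tag=%(tag)s" % rec)
```
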