[rsyslog-notify] Forum Thread: Re: BlueCoat SG and Rsyslog - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Wed Dec 30 21:48:30 CET 2015
User: jefair2
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26254#p26254
Message:
----------
For the record, the way that BlueCoat ships their Access logs is
essentially as a giant data dump. It is in no way RFC compliant with syslog
standards, and it is technically just cheating by sending it to a port and
have it parsed/received by syslog. The only other option is to send it via
FTP... which is not an option for me. So I essentially need something that
can just strip the TCP/ETHERNET headers from the "message" and stick
everything into a file as-is.
More information about the rsyslog-notify
mailing list