[rsyslog-notify] Forum Thread: Re: Removing <PRI> in a forwarded syslog message - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Wed Sep 30 23:31:45 CEST 2015
User: smartdave
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25978#p25978
Message:
----------
I figured it out. It was firewalld in Centos7 that was blocking the
inbound syslog
But now I have another issue. the template you gave is not working as I
had hoped
The first line is the %rawmsg% and the second line is your template above.
You can see the <PRI>date time is very different between the first and the
second line. Any thoughts?
[][][192.168.30.2][1443642763][] <30>2015:09:30-15:52:43 sophos
epsecd[5607]: I id="4212" severity="info" sys="System" sub="epsecd"
name="Acknowledging report(s)" reports="-1"
[][][192.168.30.2][1443642726][] Sep 30 15:52:06 192.168.30.2 2015:
09:30-15:52:06 sophos epsecd[5607]: I id="4212" severity="info"
sys="System" sub="epsecd" name="Acknowledging report(s)" reports="-1"
Thanks
Dave
More information about the rsyslog-notify
mailing list