Cisco Format
Edwin Groothuis
edwin at mavetju.org
Sun Nov 2 01:02:00 CET 2003
On Fri, Oct 31, 2003 at 02:39:37PM +0100, Wytze van der Raay wrote:
> anderson wrote:
>
> > I've set up Lire and everything seems fine except that it doesn't seem
> > to get any data when I ask it to parse my Cisco router's log. The format
> > is as below:
> >
> > Oct 31 09:00:53 192.168.0.223 83843: *Mar 8 17:58:46:
> > %SEC-6-IPACCESSLOGP: list 199 permitted tcp 192.168.0.28(3128)
> > (FastEthernet1/0 0002.55d6.92a3) -> 192.168.0.33(3607), 1 packet
> >
> > It seems that cisco_ios2dlf expects that log->{process} will contain
> > '%SEC-6-IPACCESSLOGP' but Lire::Syslog has placed (using the above
> > example) '83843' in log->{process} instead.
>
> Lire::Syslog is confused by the asterisk (*) preceding the cisco-
> generated time stamp "*Mar 8 17:58:46". Do you know why it is there?
Means the machine is not NTP time synced.
Edwin
--
Edwin Groothuis | Personal website: http://www.mavetju.org
edwin at mavetju.org | Weblog: http://www.mavetju.org/weblog/weblog.php
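
The layout discussed in this thread, as an added example (not Lire's code and not from any poster): a Python parser that steps over the IOS sequence number and the `*` clock marker so the `%SEC-6-IPACCESSLOGP` tag lands in the process field, and records the marker so the device timestamp is not trusted for correlation. It goes slightly beyond the thread by also accepting the `.` prefix IOS uses when a previously synced clock has lost sync; the function name and the dictionary keys are assumptions of this example.

```python
import re

# <relay time> <host> [<seq>:] [*|.]<device time>: %FAC-SEV-MNEMONIC: <text>
LINE_RE = re.compile(
    r'^(?P<relay_time>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+'
    r'(?:(?P<seq>\d+):\s+)?'        # IOS sequence number, when enabled
    r'(?P<clock_flag>[*.])?'        # device clock not (currently) synced
    r'(?P<device_time>\w{3}\s+\d+\s+\d\d:\d\d:\d\d(?:\.\d+)?):\s+'
    r'%(?P<facility>[A-Z0-9_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z0-9_]+):\s+'
    r'(?P<message>.*)$'
)

# Body of an IPACCESSLOGP message; the "(interface MAC)" part is optional.
ACL_RE = re.compile(
    r'^list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\S+) '
    r'(?P<src>[\d.]+)\((?P<sport>\d+)\)'
    r'(?: \((?P<in_if>\S+) (?P<src_mac>[0-9a-f.]+)\))?'
    r' -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<packets>\d+) packets?$'
)


def parse_cisco_line(line):
    """Return a dict of fields, or None if the line is not in this layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec['seq'] = int(rec['seq']) if rec['seq'] else None
    rec['severity'] = int(rec['severity'])
    # The tag the post says cisco_ios2dlf expects to find in the process field.
    rec['process'] = '%{facility}-{severity}-{mnemonic}'.format(**rec)
    # With a flag present, prefer relay_time over device_time for correlation.
    rec['device_clock_synced'] = rec['clock_flag'] is None
    acl = ACL_RE.match(rec['message']) if rec['mnemonic'] == 'IPACCESSLOGP' else None
    rec['acl'] = acl.groupdict() if acl else None
    return rec


# The log entry quoted in the thread, unwrapped onto one line.
SAMPLE = ('Oct 31 09:00:53 192.168.0.223 83843: *Mar 8 17:58:46: '
          '%SEC-6-IPACCESSLOGP: list 199 permitted tcp 192.168.0.28(3128) '
          '(FastEthernet1/0 0002.55d6.92a3) -> 192.168.0.33(3607), 1 packet')

if __name__ == '__main__':
    print(parse_cisco_line(SAMPLE))
```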