Thank you!! With RSYSLOG_DebugFormat template, I've got following.
Debug line with all properties: FROMHOST: '10.x.x.x' fromhost-ip: '10.x.x.x' HOSTNAME: 'SRX-Hostname' PRI: 14, syslogtag 'RT_FLOW' programname: 'RT_FLOW' APP-NAME: 'RT_FLOW' PROCID: '-' MSGID: 'RT_FLOW_SESSION_CREATE', TIMESTAMP: 'Apr 26 11:00:00' STRUCTURED-DATA: '[[email protected] source-address=~(snipped)]', msg: '' escaped msg: '' Applying custom template(below) got a correct logs. $template srxlog,"%TIMESTAMP% %FROMHOST% %HOSTNAME% %APP-NAME% %MSGID% %STRUCTURED-DATA%\n" Thank you! > please log a message with the template RSYSLOG_DebugFormat so we can see the > raw > message and how it's parsed. > > David Lang > > On Mon, 26 Apr 2021, ca--- via rsyslog wrote: > > > Date: Mon, 26 Apr 2021 11:07:07 +0900 > > From: ca--- via rsyslog <[email protected]> > > To: rsyslog-users <[email protected]> > > Cc: [email protected] > > Subject: [rsyslog] messages are truncated after "-" > > > > Hi Experts > > > > I encountered strange behavior that rsyslog truncates message after "-". > > The log message sent from Juniper SRX firewall is like this. (I confirmed > > it with tcpdump) > > > > 2021-04-23T21:30:00.111.+00:00 SRX-HOSTNAME RT_FLOW - > > RT_FLOW_SESSION_CREATE [junos@~~~ > > > > But on the log file, I only got > > > > Apr 23 21:30:00 SRX-HOSTNAME RT_FLOW > > > > > > I thought wrong templates was applied, so added following > > > > $template srxlog,"%msg%\n" > > :&fromhost-ip, isequal, SRX-IP, /var/log/SRX-HOSTNAME.log > > > > But result was empty lines were logged on the file. > > > > Does anyone help this situation? > > _______________________________________________ > > rsyslog mailing list > > https://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > > LIKE THAT. > > > _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
