You cut out the parts that we need to see to understand what's happening.
We need the rawmsg field that you trimmed off.
David Lang
On Mon, 26 Apr 2021, [email protected] wrote:
Date: Mon, 26 Apr 2021 16:49:06 +0900
From: [email protected]
To: David Lang <[email protected]>
Cc: ca--- via rsyslog <[email protected]>, [email protected]
Subject: Re: Re: [rsyslog] messages are truncated after "-"
Thank you!!
With the RSYSLOG_DebugFormat template, I got the following.
Debug line with all properties:
FROMHOST: '10.x.x.x'
fromhost-ip: '10.x.x.x'
HOSTNAME: 'SRX-Hostname'
PRI: 14,
syslogtag 'RT_FLOW'
programname: 'RT_FLOW'
APP-NAME: 'RT_FLOW'
PROCID: '-'
MSGID: 'RT_FLOW_SESSION_CREATE',
TIMESTAMP: 'Apr 26 11:00:00'
STRUCTURED-DATA: '[[email protected] source-address=~(snipped)]',
msg: ''
escaped msg: ''
Applying the custom template (below) gave correct logs.
$template srxlog,"%TIMESTAMP% %FROMHOST% %HOSTNAME% %APP-NAME% %MSGID% %STRUCTURED-DATA%\n"
Thank you!
Please log a message with the template RSYSLOG_DebugFormat so we can see the raw
message and how it's parsed.
David Lang
On Mon, 26 Apr 2021, ca--- via rsyslog wrote:
Date: Mon, 26 Apr 2021 11:07:07 +0900
From: ca--- via rsyslog <[email protected]>
To: rsyslog-users <[email protected]>
Cc: [email protected]
Subject: [rsyslog] messages are truncated after "-"
Hi Experts
I encountered strange behavior: rsyslog truncates the message after "-".
The log message sent from the Juniper SRX firewall looks like this (I confirmed it
with tcpdump):
2021-04-23T21:30:00.111.+00:00 SRX-HOSTNAME RT_FLOW - RT_FLOW_SESSION_CREATE
[junos@~~~
But in the log file, I only got:
Apr 23 21:30:00 SRX-HOSTNAME RT_FLOW
I thought the wrong template was applied, so I added the following:
$template srxlog,"%msg%\n"
:&fromhost-ip, isequal, SRX-IP, /var/log/SRX-HOSTNAME.log
But the result was that empty lines were logged in the file.
Can anyone help with this situation?
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
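
Why %msg% is empty for this message, as an added example that is not part of the original thread and is not rsyslog's own code: a small Python parser splits an RFC 5424 line into the fields shown in the RSYSLOG_DebugFormat output above, where the "-" is the PROCID and the payload sits in STRUCTURED-DATA. The sample line, its SD-ID and its parameter values are constructed.

```python
import re

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, space separated
HEADER = re.compile(r"<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) ")

def split_structured_data(rest):
    """Return (structured_data, msg) from the text that follows MSGID."""
    if rest.startswith("-"):                      # NILVALUE: no structured data
        return "-", rest[2:] if rest[1:2] == " " else ""
    i, in_quotes = 0, False
    while i < len(rest):
        c = rest[i]
        if in_quotes and c == "\\":               # escaped '"', '\' or ']' in a PARAM-VALUE
            i += 2
            continue
        if c == '"':
            in_quotes = not in_quotes
        elif c == "]" and not in_quotes:
            if rest[i + 1:i + 2] != "[":          # last SD-ELEMENT closed
                tail = rest[i + 1:]
                return rest[:i + 1], tail[1:] if tail.startswith(" ") else ""
        i += 1
    raise ValueError("unterminated STRUCTURED-DATA")

def parse_rfc5424(line):
    m = HEADER.match(line)
    if not m:
        raise ValueError("not an RFC 5424 message")
    pri, _version, ts, host, app, procid, msgid = m.groups()
    sd, msg = split_structured_data(line[m.end():])
    return {"PRI": int(pri), "TIMESTAMP": ts, "HOSTNAME": host, "APP-NAME": app,
            "PROCID": procid, "MSGID": msgid, "STRUCTURED-DATA": sd, "msg": msg}

# Constructed sample shaped like the SRX message in the thread; the SD-ID and
# parameter values are made up (documentation ranges), not taken from the thread.
SAMPLE = ('<14>1 2021-04-23T21:30:00.111+00:00 SRX-HOSTNAME RT_FLOW - '
          'RT_FLOW_SESSION_CREATE [example@32473 source-address="192.0.2.10" '
          'note="a \\"quoted\\" ] bracket"]')

if __name__ == "__main__":
    for field, value in parse_rfc5424(SAMPLE).items():
        print(f"{field}: {value!r}")
```

Nothing follows the closing "]" of the structured data, so the MSG part is empty and a template built only from %msg% writes blank lines.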