Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
217
Views
0
Helpful
0
Replies

CSCvw95062 - Additional fields if Syslog Push is used

desmith.wustl
Level 1
Level 1

‎01-20-2021 06:22 AM

As the customer reporting this issue, I want to be clear on what I'm requesting.

A line being pushed via syslog looks something like this:

sending-proxy.org logsubname: Info: 1234567890.123 (a bunch of log data)

The 'sending-proxy.org' is the hostname of the proxy, and 'logsubname' is the name of the log subscription as configured in the WSA's log subscription screen. Then there is the literal string ": Info: " (colon, space, Info, colon, space). Then an epoch-style timestamp, then the actual meat of the log data.

I need to be able to remove the garbage literal ": Info: " (colon, space, Info, colon, space). This is redundant, as the log facility and log level are part of the syslog packet elsewhere, and the inclusion of this chunk of gibberish text is causing problems with log parsing in other contexts (in my case, ingesting the logs into Splunk).

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Top