Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
140
Views
0
Helpful
0
Replies

CSCvw95062 - Additional fields if Syslog Push is used

desmith.wustl
Level 1
Level 1

‎01-20-2021 06:22 AM

As the customer reporting this issue, I want to be clear on what I'm requesting.

A line being pushed via syslog looks something like this:

sending-proxy.org logsubname: Info: 1234567890.123 (a bunch of log data)

The 'sending-proxy.org' is the hostname of the proxy, and 'logsubname' is the name of the log subscription as configured in the WSA's log subscription screen. Then there is the literal string ": Info: " (colon, space, Info, colon, space). Then an epoch-style timestamp, then the actual meat of the log data.

I need to be able to remove the garbage literal ": Info: " (colon, space, Info, colon, space). This is redundant, as the log facility and log level are part of the syslog packet elsewhere, and the inclusion of this chunk of gibberish text is causing problems with log parsing in other contexts (in my case, ingesting the logs into Splunk).

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents