Showing results for 
Search instead for 
Did you mean: 

MWG 7 rsyslog (old) - issue with format


MWG has a very old version of rsyslog which appeads time and hostname so a message which is a issue; particually if forwarded to a remote syslog server as it is double stampted confusing SIEM solutions.

Version 3 has a option to remove this.

rsyslog event:

Oct  4 14:13:18 x.x.10.36 mwg: [04/Oct/2011:14:13:18 +0800]  blah blah

Actual log should be:

[04/Oct/2011:01:03:07 +0800] blah blah

Please advise how we can remove "Oct  4 14:13:18 x.x.10.36 mwg:" being prepended.


0 Kudos