cancel
Showing results for 
Search instead for 
Did you mean: 

MWG 7 rsyslog (old) - issue with format

Hi,

MWG has a very old version of rsyslog which appeads time and hostname so a message which is a issue; particually if forwarded to a remote syslog server as it is double stampted confusing SIEM solutions.

Version 3 has a option to remove this.

rsyslog event:

Oct  4 14:13:18 x.x.10.36 mwg: [04/Oct/2011:14:13:18 +0800]  blah blah

Actual log should be:

[04/Oct/2011:01:03:07 +0800] blah blah

Please advise how we can remove "Oct  4 14:13:18 x.x.10.36 mwg:" being prepended.

References.

http://www.rsyslog.com/doc/v3compatibility.html

http://kb.monitorware.com/central-logging-problems-unwanted-characters-t8491.html

0 Kudos