0 Replies Latest reply on Oct 4, 2011 6:09 AM by ericappelboom

    MWG 7 rsyslog (old) - issue with format

    ericappelboom

      Hi,

      MWG has a very old version of rsyslog which appeads time and hostname so a message which is a issue; particually if forwarded to a remote syslog server as it is double stampted confusing SIEM solutions.

      Version 3 has a option to remove this.

       

      rsyslog event:

      Oct  4 14:13:18 x.x.10.36 mwg: [04/Oct/2011:14:13:18 +0800]  blah blah

       

      Actual log should be:

      [04/Oct/2011:01:03:07 +0800] blah blah

       

      Please advise how we can remove "Oct  4 14:13:18 x.x.10.36 mwg:" being prepended.

       

      References.

      http://www.rsyslog.com/doc/v3compatibility.html

      http://kb.monitorware.com/central-logging-problems-unwanted-characters-t8491.htm l