Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Syslog formats changed (msg field Data overload)
  •  
BudDurland

Messages: 348

Karma: 10
Send a private message to this user
With the upgrade to version 8.4, the format of the data being sent to a syslog server has changed. We send a couple of the logs to a database via Kiwi Syslog, but we're seeing the same behavior using a linux syslog utility.

The basic problem is that the log message also contains all the other fields in a space-delimited format. For example, pre- version 8.4, we would get this:

{DELETE} Protocol: POP3, User: JohnDoe@Example.com, IP: 1.1.1.1, Folder: ~JohnDoe@Example.com/INBOX, From: "RSA Conference" <info@acme.com>, Subject: "The Message Subject is here", Msg-Id: <24181555.128099261421162107911.JavaMail.app<_at_>rbg31.atlis1>, Delivered: 13/Jan/2015 10:20:43, Size: 32755"


Now we get

2015-01-13T10:20:44-05:00 keriomail.mydomain.Local KConnect - - - ? {DELETE} Protocol: POP3, User: JohnDoe@Example.com, IP: 1.1.1.1, Folder: ~JohnDoe@Example.com/INBOX, From: "RSA Conference" <info@acme.com>, Subject: "The Message Subject is here", Msg-Id: <24181555.128099261421162107911.JavaMail.app<_at_>rbg31.atlis1>, Delivered: 13/Jan/2015 10:20:43, Size: 32755"


This kinda fouls up parsing the message logs. Is there anyway to have the Syslog MSG filed be just the MSG?

Good is better than evil because it's nicer
--Mammy Yokum
Previous Topic: Failed to get user's personal contact.
Next Topic: Outlook 2013 does not send emails
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Aug 24 10:30:12 CEST 2017

Total time taken to generate the page: 0.00375 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.