Syslog output has strange header

Author
billp
2013/09/19 15:12:07

Syslog output has strange header

I am trying to eliminate or turn off a header that the Fortigate is sending to all log entries when I output to Syslog format. Using FortiOS 4.3.14.

Each log line has an odd 3-digit "header" at the start of each log message and I am not able to figure out what it means.

It is one of three codes (<188>, <189>, or <190>) on each line. Sample below.


<190>date=2013-09-19 time=14:19:33 devname
....
<189>date=2013-09-19 time=14:19:33 devname
....
<188>date=2013-09-19 time=14:19:33 devname

Does anyone know what this is or how to turn it off?

Bill

==========
Fortigate 600C 5.0.12, 111C 5.0.2
Logstash 1.4.1
#1


    billp
    RE: Syslog output has strange header 2013/09/19 16:11:07
    Never mind :) I figured it out. It's the PRI field for the syslog.

    Bill

    ==========
    Fortigate 600C 5.0.12, 111C 5.0.2
    Logstash 1.4.1
    #2
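Added example, not part of the original posts: the syslog PRI field named in the reply above encodes facility * 8 + severity (RFC 3164 / RFC 5424), so <188>, <189> and <190> are facility local7 at warning, notice and info. The function name `split_pri`, the label lists and the sample lines are constructed here for illustration; a receiver can decode and strip the field like this.

```python
import re

# Index = numeric facility code (RFC 5424, section 6.2.1); labels are descriptive.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
# Index = numeric severity code, 0 (most severe) to 7.
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

# PRI is "<", one to three decimal digits, ">" at the very start of the message.
PRI_RE = re.compile(r"^<([0-9]{1,3})>")
MAX_PRI = 23 * 8 + 7  # 191, the largest value a valid PRI can hold


def split_pri(line):
    """Return (facility, severity, rest_of_line).

    facility and severity are None when the line carries no valid PRI;
    in that case the line is returned unchanged so nothing is lost.
    """
    match = PRI_RE.match(line)
    if not match:
        return None, None, line
    pri = int(match.group(1))
    if pri > MAX_PRI:
        return None, None, line
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity], line[match.end():]


# Constructed sample in the shape of the lines quoted in the first post,
# plus two edge cases: an out-of-range PRI and a line with no PRI at all.
SAMPLE = [
    "<190>date=2013-09-19 time=14:19:33 devname",
    "<189>date=2013-09-19 time=14:19:33 devname",
    "<188>date=2013-09-19 time=14:19:33 devname",
    "<999>date=2013-09-19 time=14:19:33 devname",
    "date=2013-09-19 time=14:19:33 devname",
]

if __name__ == "__main__":
    for raw in SAMPLE:
        fac, sev, rest = split_pri(raw)
        print(f"{fac}.{sev}" if fac else "no-pri", "|", rest)
```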
    Si
    Re: Syslog output has strange header 2019/10/09 05:12:52
    Hi billp
    I am also having issues with the PRI field in the syslog messages being sent to my syslog server i.e. <189> <190>.
    Did you find a way to turn this off?
    Also I am not getting attack logs received i.e. type="utm" and subtype="ips" even though I can see them in the GUI and in the CLI. Have you seen this type of issue on your systems?
    Many thanks
    #3