Messages

Hi Dean,
Not sure what version of rsyslog.
The logs I am getting are all level 6 or higher, so debugging is off (at the device syslog) but not sure if the rsyslog server has it on.  (The rsyslog server is receiving the logs from an f5 device that is aggregating router logs and forwarding them to the rsyslog server which is forwarding them to my team...)
Thanks!

I am parsing logs and have a rsyslog record append with the following format:

Dec 15 00:00:00 FQDN.com ###: Regular syslog message

The ### can be from 3 to 9 digits long integer and seems to be a one up type of scheme. 

I cannot find it in the rsyslog docs. 

I was told it was a rsyslog log cat number but I cannot find any reference to that in the docs either.

Thanks

Can some one help explain this syslog format (as it deviates from normal IOS syslog messages)

Dec 15 00:00:00.000: %IOSXE-3-PLATFORM: F0: cpp_cp: QFP:0.0 Thread: 139 TS:00000000000000000000 %IPSEC-3-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet, dest_addr=10.10.10.10, src_addr=1.1.1.1. prot=47

Is there a place that defines the fields (E.G. Thread)?

Is there look-up tables for thread#'s (EG 139 is XXX)?