Description
We are using rsyslog to capture the logs in Observium. The messages from our Citrix ADC virtual appliances seem to be truncated.
Original message (tcpdump on port 514):
10:49:36.461706 IP (tos 0x0, ttl 253, id 19565, offset 0, flags [none], proto UDP (17), length 228)
10.250.128.20.32730 > 10.250.32.100.syslog: [udp sum ok] SYSLOG, length: 200
Facility local0 (16), Severity notice (5)
Msg: 01/19/2021:09:49:33 GMT DCRX-ANS-P003 0-PPE-0 : default EVENT DEVICEDOWN 35996673 0 : Device "server_serviceGroup_NSSVC_SSL_10.250.65.21:8636(SVG_PRD_HTTPS_DS?DCRX-LDM-P002?8636)" - State DOWN\0x0a
0x0000: 3c31 3333 3e20 3031 2f31 392f 3230 3231
0x0010: 3a30 393a 3439 3a33 3320 474d 5420 4443
0x0020: 5258 2d41 4e53 2d50 3030 3320 302d 5050
0x0030: 452d 3020 3a20 6465 6661 756c 7420 4556
0x0040: 454e 5420 4445 5649 4345 444f 574e 2033
0x0050: 3539 3936 3637 3320 3020 3a20 2044 6576
0x0060: 6963 6520 2273 6572 7665 725f 7365 7276
0x0070: 6963 6547 726f 7570 5f4e 5353 5643 5f53
0x0080: 534c 5f31 302e 3235 302e 3635 2e32 313a
0x0090: 3836 3336 2853 5647 5f50 5244 5f48 5454
0x00a0: 5053 5f44 533f 4443 5258 2d4c 444d 2d50
0x00b0: 3030 323f 3836 3336 2922 202d 2053 7461
0x00c0: 7465 2044 4f57 4e0a
Syslog debug output (enabled #$config['syslog']['debug'] = TRUE
:
[2021/01/19 10:48:22 +0100] syslog.php(84224): dcrx-ans-p003||16||5||5||||2021-01-19 10:48:22|| 01/19/2021:09:48:19 GMT DCRX-ANS-P003 0-PPE-0 : default EVENT DEVICEDOWN 35993973 0 : Device "server_serviceGroup_NSSVC_SSL_10.250.65.21:8636(SVG_PRD_HTTPS_DS?DCRX-LDM-P002?8636)" - State DOWN||
[2021/01/19 10:48:59 +0100] syslog.php(84224): dcrx-ans-p003||16||5||5||||2021-01-19 10:48:59|| 01/19/2021:09:48:56 GMT DCRX-ANS-P003 0-PPE-0 : default EVENT DEVICEUP 35995288 0 : Device "server_serviceGroup_NSSVC_SSL_10.250.65.21:8636(SVG_PRD_HTTPS_DS?DCRX-LDM-P002?8636)" - State UP||
[2021/01/19 10:49:36 +0100] syslog.php(84224): dcrx-ans-p003||16||5||5||||2021-01-19 10:49:36|| 01/19/2021:09:49:33 GMT DCRX-ANS-P003 0-PPE-0 : default EVENT DEVICEDOWN 35996673 0 : Device "server_serviceGroup_NSSVC_SSL_10.250.65.21:8636(SVG_PRD_HTTPS_DS?DCRX-LDM-P002?8636)" - State DOWN||
[2021/01/19 10:50:08 +0100] syslog.php(84224): dcrx-ans-p003||16||5||5||||2021-01-19 10:50:08|| 01/19/2021:09:50:06 GMT DCRX-ANS-P003 0-PPE-0 : default EVENT DEVICEUP 35997958 0 : Device "server_serviceGroup_NSSVC_SSL_10.250.65.21:8636(SVG_PRD_HTTPS_DS?DCRX-LDM-P002?8636)" - State UP||
[2021/01/19 10:50:24 +0100] syslog.php(84224): dcrx-ans-p003||16||5||5||||2021-01-19 10:50:24|| 01/19/2021:09:50:22 GMT DCRX-ANS-P003 0-PPE-0 : default EVENT DEVICEDOWN 35998539 0 : Device "server_serviceGroup_NSSVC_SSL_10.250.65.21:8636(SVG_PRD_HTTPS_DS?DCRX-LDM-P002?8636)" - State DOWN||
[2021/01/19 10:50:57 +0100] syslog.php(84224): dcrx-ans-p003||16||5||5||||2021-01-19 10:50:57|| 01/19/2021:09:50:54 GMT DCRX-ANS-P003 0-PPE-0 : default EVENT DEVICEUP 35999829 0 : Device "server_serviceGroup_NSSVC_SSL_10.250.65.21:8636(SVG_PRD_HTTPS_DS?DCRX-LDM-P002?8636)" - State UP||
The output in the Observium web interface:
Attachments
Issue Links
- relates to
-
OBS-523 Can we have netscaler syslog parsed by syslog.php?
-
- Closed
-