So , Cisco devices get syslogged, but netscaler, they are not.
It seems like it's related to how the netscaler are doing their syslog.
This is a cisco log entry which gets parsed:
Oct 3 23:58:55 10.32.10.18 417597: r1.ix5: Oct 3 23:58:54.336 UTC: %SSH-5-SSH2_SESSION: SSH2 Session request from 10.32.10.20 (tty = 0) using crypto cipher 'aes128-cbc', hmac 'hmac-md5' Succeeded
This is an entry from a netscaler:
Oct 3 23:58:39 10.70.66.249 10/03/2013:16:49:07 GMT dk-lb001a PPE-4 : UI CMD_EXECUTED 10367926 : User so_readonly - Remote_ip 10.70.66.56 - Command "stat lb vserver" - Status "Success"
So, it seems they have the timestamps & device name switched.
Should be easy to fix, right?