Description
Hello,
It seems like napalm-logs is missing some kind of translation for the IETF standard.
- Or an option to set syslog messages as IETF standard.
I've configured the napalm-syslog server with the basic configuration, no changes. I only set an IP address and port, and disabled security.
Napalm-Logs is expecting the syslog message in the following syntax:
<129>Oct 23 15:58:20 berlin cscript "message"
When I look at my tcpdump, the Juniper output and the napalm log, the date format differs.
Juniper: Oct 23 15:58:20
TCP: 2017-10-23T16:02:38.950+02:00
napalm log: 2017-10-23T16:02:38.950+02:00
tcpdump:
Msg: 1 2017-10-23T16:02:38.950+02:00 berlin cscript - - - MX80 SN:XXXXX has booted 16.1R4-S4.3.
Uptime is 9 days, 23 hours, 7 minutes, 20 seconds
junos:
lab@berlin>show log messages | last 1
Oct 23 15:58:20 berlin cscript: MX80 SN:XXXXX has booted 16.1R4-S4.3. Uptime is 9 days, 23 hours, 3 minutes, 5 seconds
var/log/napalm/logs:
Dequeued message from <129>1 2017-10-23T16:02:38.950+02:00 berlin cscript - - - MX80 SN:XXXXX has booted 16.1R4-S4.3. Uptime is 9 days, 23 hours, 7 minutes, 20 seconds: 1508766848.76
2017-10-23 15:54:08,764,765 [napalm_logs.server][DEBUG ] Matching under junos
2017-10-23 15:54:08,765,765 [napalm_logs.server][DEBUG ] Matching using YAML-defined profiler:
2017-10-23 15:54:08,765,765 [napalm_logs.server][DEBUG ] <(\d+)>(\w+\s+\d+)\s+(\d\d:\d\d:\d\d)\s+(re\d.)?([^ ]+)\s+/?(\w+)[?(\d+)?]?:\s+([\w\s]+):(.*)
2017-10-23 15:54:08,765,765 [napalm_logs.server][DEBUG ] Match not found
Cheers!
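
The two header layouts seen in this report, as an added example that is not part of the original post and not napalm-logs code: a small Python parser that recognizes both the BSD-style line (RFC 3164) and the IETF-style line (RFC 5424) that tcpdump captured. The function name, both regexes and the `year` argument are assumptions made for illustration; the sample lines are constructed from the messages quoted above.

```python
import re
from datetime import datetime

# RFC 3164 (BSD): <PRI>Mmm dd hh:mm:ss HOST TAG[PID]: MSG
BSD_RE = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d\d:\d\d:\d\d)\s"
    r"(?P<host>\S+)\s(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:?\s(?P<msg>.*)",
    re.S)

# RFC 5424 (IETF): <PRI>VERSION TIMESTAMP HOST APP PROCID MSGID SD [MSG]
# Structured data is matched loosely: "-" or a run of [...] elements.
IETF_RE = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<ver>\d{1,2})\s(?P<ts>\S+)\s(?P<host>\S+)\s"
    r"(?P<tag>\S+)\s(?P<pid>\S+)\s(?P<msgid>\S+)\s"
    r"(?P<sd>-|(?:\[.*?\])+)(?:\s(?P<msg>.*))?",
    re.S)


def parse_syslog(line, year=2017):
    """Return the header fields of a BSD or IETF syslog line, or None.

    `year` is an assumption: RFC 3164 timestamps carry no year or zone.
    """
    m = IETF_RE.fullmatch(line)
    if m:
        fmt = "rfc5424"
        # "-" is the NILVALUE; "Z" is rewritten for older Python versions.
        ts = None if m["ts"] == "-" else datetime.fromisoformat(
            m["ts"].replace("Z", "+00:00"))
    else:
        m = BSD_RE.fullmatch(line)
        if m is None:
            return None
        fmt = "rfc3164"
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    pri = int(m["pri"])  # PRI = facility * 8 + severity
    return {"format": fmt, "facility": pri >> 3, "severity": pri & 7,
            "timestamp": ts, "host": m["host"], "tag": m["tag"],
            "message": m["msg"] or ""}


# Constructed from the lines quoted in the report above.
BSD_LINE = "<129>Oct 23 15:58:20 berlin cscript: MX80 SN:XXXXX has booted 16.1R4-S4.3."
IETF_LINE = ("<129>1 2017-10-23T16:02:38.950+02:00 berlin cscript - - - "
             "MX80 SN:XXXXX has booted 16.1R4-S4.3.")

if __name__ == "__main__":
    for sample in (BSD_LINE, IETF_LINE):
        print(parse_syslog(sample))
```

The digit that follows `<129>` in the tcpdump line is the RFC 5424 VERSION field, which is what separates the two layouts before any timestamp parsing happens.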