Insider 2020-10: Cisco; Signal Messenger; PCRE dupnames;

Dear syslog-ng users,

This is the 85th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.


Parsing Cisco logs in syslog-ng

Log messages generated by Cisco devices look like syslog messages at first glance, but on closer inspection you will see that there are many small differences. By default, syslog-ng treats all incoming messages as syslog messages; however, Cisco logs do not conform. Log messages collected over the network from Cisco devices and saved to a file look broken. There are many Cisco log variants, but luckily a good part of them are covered by the cisco-parser() of syslog-ng. From this blog you can learn how the Cisco parser in syslog-ng works and how you can check if it really works with your Cisco log messages.

Sending alerts to Signal Messenger from syslog-ng

Signal Messenger is becoming the instant messaging platform of choice for privacy-minded individuals, including many sysadmins. No wonder that some of them would like to see alerts from syslog-ng in this IM platform. Developing a new destination for syslog-ng from scratch in the C programming language is a considerable effort. As a result, this first implementation uses an already existing command line application. Below, you can learn about an initial implementation, and why it is not part of syslog-ng.

Enabling PCRE dupnames in syslog-ng

One of the major syslog-ng features is that it can parse log messages and create name-value pairs from them. Until now the PCRE parser could not handle duplicate names for named subpatterns. Version 3.29 of syslog-ng resolves this issue by adding the “dupnames” flag. From this blog you can learn why the dupnames flag is important and how you can enable and test it.


Your feedback and news, or tips about the next issue are welcome. To read this newsletter online, visit:
