Cisco Syslog Parser – slides

by gorthx

Here are the slides from my talk this week. A link to the accompanying podcast will be along soon.

Other fun things we discussed at the meeting:

Thanks for the lively discussion!

[edit] podcast!

[edit] Clarification of two items from the podcast:
– multiline messages do indeed come in multiple packets. There is a message counter that increments for each message, so you could use the host name + message counter to match up multi-line messages. For what I’m doing, the important part is in that first line, so the payoff isn’t worth the investment.
– re hyphens in the mnemonic field of the system message: I went back through and wasn’t able to find any examples of this, so I retract my statement. (I do have examples of system messages with hyphens in the facility field.)
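
An added example, not taken from the talk or the slides: parsing the `%FACILITY-SEVERITY-MNEMONIC` tag when the facility itself contains hyphens, and building the host name + message counter key mentioned above. The sample lines, the field layout and the names `parse`, `naive_split` and `rtr1` are assumptions made for illustration.

```python
import re

# Constructed sample lines (not from the post). Assumed layout:
# "<counter>: <timestamp>: %FACILITY-SEVERITY-MNEMONIC: text"
SAMPLES = [
    "000123: Mar  1 12:00:01: %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
    "000124: Mar  1 12:00:02: %OIR-SP-6-INSCARD: Card inserted in slot 2",
    "000125: Mar  1 12:00:03: %SYS-SP-STDBY-5-RESTART: System restarted",
]

# The facility may contain hyphens, so anchor on the single-digit severity
# (0-7) instead of counting hyphens. Assumes a hyphen-free mnemonic.
MSG_RE = re.compile(
    r"^(?:(?P<counter>\d+): )?"
    r"(?P<timestamp>.*?): "
    r"%(?P<facility>[A-Z0-9_]+(?:-[A-Z0-9_]+)*)"
    r"-(?P<severity>[0-7])"
    r"-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)


def naive_split(tag):
    """Split on every hyphen: wrong when the facility is hyphenated."""
    parts = tag.split("-")
    return parts[0], parts[1], parts[2]


def parse(host, line):
    """Return parsed fields, or None if the line has no system-message tag."""
    m = MSG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    rec["counter"] = int(rec["counter"]) if rec["counter"] else None
    # Host name + message counter: the pair the post suggests for correlation.
    rec["key"] = (host, rec["counter"])
    return rec


if __name__ == "__main__":
    for line in SAMPLES:
        r = parse("rtr1", line)
        print(r["key"], r["facility"], r["severity"], r["mnemonic"])
    print(naive_split("OIR-SP-6-INSCARD"))
```

A line without the `%...:` tag, such as the continuation of a multi-line message, returns `None` rather than a partial record.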

