Syslog double spacing timestamp

Hi all, we're trying to get logs in the syslog format into Sentinel, the agent is ignoring the logs due to the double spacing in the timestamp.

Nov 2 15:07:16 XXXX_M390_XXX (2023-11-02T04:37:16) https-proxy[2709]:

Has anyone experienced this issue? Any fixes?



  • Options
    edited November 2023

    Not heard of this issue before...

    For the record, what Fireware version are you running?

  • Options

    Thanks Bruce, Fireware version v12.10.B685791

    Our vendor mentioned that it could be to allow for double digit dates?

    To clarify, the double space is after Nov at the beginning of the log.

  • Options

    We didn't make any changes, but the logs are now being ingested with no issues.

Sign In to comment.