Syslog double spacing timestamp

Hi all, we're trying to get logs in the syslog format into Sentinel. The agent is ignoring the logs due to the double spacing in the timestamp.

Nov 2 15:07:16 XXXX_M390_XXX (2023-11-02T04:37:16) https-proxy[2709]:

Has anyone experienced this issue? Any fixes?



  • edited November 6

    Not heard of this issue before...

    For the record, what Fireware version are you running?

  • Thanks Bruce, Fireware version v12.10.B685791

    Our vendor mentioned that it could be to allow for double digit dates?

    To clarify, the double space is after Nov at the beginning of the log.

  • We didn't make any changes, but the logs are now being ingested with no issues.
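An added example, not part of the thread and not the Sentinel agent's or Fireware's own code: RFC 3164 (BSD syslog) pads a single-digit day with a space, so "Nov", two spaces, "2" is the conforming form, and a collector-side parser should accept one or more spaces there. The function names, the caller-supplied year and the sample lines below are assumptions made for illustration.

```python
import re
from datetime import datetime

# RFC 3164 header: "Mmm dd hh:mm:ss HOST MSG". Days 1-9 are space-padded,
# so the month and day may be separated by one or two spaces.
HEADER = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) "
    r"(?P<time>\d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$"
)

def parse_header(line, year):
    """Return (timestamp, host, msg), or None if the header is not RFC 3164.

    The timestamp carries no year, so the caller supplies one (assumption).
    """
    m = HEADER.match(line)
    if m is None:
        return None
    try:
        ts = datetime.strptime(
            f"{year} {m['mon']} {int(m['day']):02d} {m['time']}",
            "%Y %b %d %H:%M:%S",
        )
    except ValueError:  # unknown month name or impossible date such as "Nov 31"
        return None
    return ts, m["host"], m["msg"]

def normalise(line, year):
    """Re-emit the line with the space-padded day that RFC 3164 specifies."""
    parsed = parse_header(line, year)
    if parsed is None:
        return None
    ts, host, msg = parsed
    return f"{ts.strftime('%b')} {ts.day:2d} {ts:%H:%M:%S} {host} {msg}"

# Constructed samples modelled on the line quoted in the thread.
SAMPLES = [
    "Nov  2 15:07:16 XXXX_M390_XXX (2023-11-02T04:37:16) https-proxy[2709]:",
    "Nov 2 15:07:16 XXXX_M390_XXX (2023-11-02T04:37:16) https-proxy[2709]:",
    "Nov 12 15:07:16 XXXX_M390_XXX (2023-11-12T04:37:16) https-proxy[2709]:",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(normalise(sample, 2023)))
```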
