Syslog double spacing timestamp

Hi all, we're trying to get logs in the syslog format into Sentinel. The agent is ignoring the logs due to the double spacing in the timestamp.

Nov 2 15:07:16 XXXX_M390_XXX (2023-11-02T04:37:16) https-proxy[2709]:

Has anyone experienced this issue? Any fixes?

Cheers!

Comments

  •
    edited November 2023

    Not heard of this issue before...

    For the record, what Fireware version are you running?

  •

    Thanks Bruce, Fireware version v12.10.B685791

    Our vendor mentioned that it could be to allow for double digit dates?

    To clarify, the double space is after Nov at the beginning of the log.

  •

    We didn't make any changes, but the logs are now being ingested with no issues.
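
The double space discussed in this thread is the standard BSD syslog (RFC 3164) timestamp, where a day of the month below 10 is written as a space followed by the digit. The following is an added example, not from the thread and not the Sentinel agent's actual parser: it contrasts a hypothetical single-space pattern (`STRICT`) that drops such lines with a tolerant one (`TOLERANT`), using constructed sample lines modelled on the log in the original post.

```python
import re

# RFC 3164 header: "Mmm dd hh:mm:ss HOSTNAME ...". A day below 10 is written
# as a space plus the digit, so "Nov  2" (two spaces) is the standard form.

# Hypothetical naive pattern: assumes exactly one space between every field.
STRICT = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) (?P<day>\d{1,2}) "
    r"(?P<time>\d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<rest>.*)$"
)

# Tolerant pattern: accepts the space-padded day, a zero-padded day, and the
# unpadded single-space variant that some senders emit.
TOLERANT = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) (?P<day>[ 0-3]?\d) "
    r"(?P<time>\d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<rest>.*)$"
)


def parse_header(line, pattern=TOLERANT):
    """Return the header fields as a dict, or None if the line is rejected."""
    m = pattern.match(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["day"] = int(fields["day"].strip())  # " 2" -> 2
    return fields


# Constructed sample lines (hostname redacted as in the original post).
SAMPLES = [
    "Nov  2 15:07:16 XXXX_M390_XXX (2023-11-02T04:37:16) https-proxy[2709]: constructed message",
    "Nov 12 15:07:16 XXXX_M390_XXX (2023-11-12T04:37:16) https-proxy[2709]: constructed message",
]

if __name__ == "__main__":
    for line in SAMPLES:
        strict_ok = parse_header(line, STRICT) is not None
        tolerant = parse_header(line, TOLERANT)
        print(f"day={tolerant['day']:>2} strict_accepts={strict_ok} host={tolerant['host']}")
```

Running sample lines from both single-digit and double-digit days through a collector's parsing rule in this way shows whether events will be dropped during the first nine days of each month.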