Syslog output has strange header

Forum|Forum|12 years ago
September 19, 2013
2 replies
5417 views

I am trying to eliminate or turn off a header that the Fortigate is sending to all log entries when I output to Syslog format. Using FortiOS 4.3.14. Each log line has an odd 3-digit " header" at the start of each log message and I am not able to figure out what it means. It is one of three codes (<188>, <189>, or <190>) on each line. Sample below.

  <190>date=2013-09-19 time=14:19:33 devname  ....  <189>date=2013-09-19 time=14:19:33 devname  ....  <188>date=2013-09-19 time=14:19:33 devname

Does anyone know what this is or how to turn it off?

billpAuthor

New Member

Never mind :) I figured it out. It' s the PRI field for the syslog.

SiGmail

New Member

Hi billp

I am also having issues with the PRI field in the syslog messages being sent to my syslog server i.e. <189> <190>.

Did you find a way to turn this off?

Also I am not getting attack logs received i.e. type="utm" and subtype="ips" even though I can see them in the GUI and in the CLI. Have you seen this type of issue on your systems?

Many thanks

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded