AIX Logs getting truncated

Discussion created by RSA Admin Employee on Sep 17, 2012
Latest reply on Sep 23, 2012 by RSA Admin

Hi,

When the syslog configuration on the AIX server is configured to send logs directly to the RSA enVision collector, the complete log reaches the collector.

But when it was configured through a proxy (syslog-ng), the log is getting truncated.

I could see the complete log that reaches the proxy server using tcpdump, but when it reaches the collector it has been truncated. Especially the "message forwarded from" string in AIX logs is getting truncated.

As the stock parser of AIX always has "message forwarded from" in the XML header, the logs from AIX are discovered as unknown or Linux.

Could you please assist with any troubleshooting steps?
