Line feed (0x0A) character in PIX syslog messages

Hi experts,

We use a Cisco PIX-535, software version 7.0(4).
The issue is that in all syslog messages sent by this PIX there is an extra line feed character (0x0A).
Like a message end delimiter.
But the syslog RFC states that there is no need for a message-ending delimiter.
This extra line feed is causing us much trouble and we would like to get rid of it.

Can somebody confirm whether this is normal behaviour for a Cisco PIX?
Is there a command to change this behaviour?
Or is this just some kind of "bug"?

There is a known bug in 7.0(4) for malformed packets. Whilst the description of the bug doesn't exactly match what you're seeing, there is a possibility that it may be.

The fix for the malformed syslog messages is in PIXOS 7.0(5.1) and above. Not a terribly elegant fix though.

klaszlo (Author) commented:
Thank you Rexxus.
I understand from your answer that this behaviour is not normal for PIX OS 7.0(4) syslog messages.

Regarding the "bug" you suggested I found something only here: 
There is a reference to a resolved caveat in PIX OS 7.0(6):
"CSCsd82355 = Malformed syslog packets may be generated. "
So an upgrade to 7.0(6) could be a solution?
Yes, I didn't include a URL in my previous reply as I wasn't sure if you had partner level access to bugtracker.

But yes, an upgrade may be the only fix.

klaszlo (Author) commented:
An update:
Cisco ASA with OS 8.0.3 is also sending a LF character at the end of each syslog message.
So the upgrade from 7.0(4) to newer version may not be a solution.

This extra LF causes the syslog parser to treat each message as 2 messages, one useful and one empty and useless. And the parser parses the empty messages too, losing time.
At a high rate of syslog messages this causes latency.
I'm out of ideas.

If you have a service level agreement with a Cisco partner or Cisco, I'd look at raising a TAC case and escalating it as an (undiscovered/undisclosed) IOS bug.


klaszlo (Author) commented:
I understood that Cisco uses various forms of syslog messages.
For example syslog messages coming from Cisco switches and routers do not have any LF at their end.
But Cisco PIX and ASA do have a LF.
So this is "normal" behaviour.
Case closed :-)

klaszlo (Author) commented:
Thank you.
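
A receiver-side way to cope with the trailing LF discussed in this thread, as an added example that is not part of any post or of Cisco's software: strip the terminator from each datagram before parsing, so no empty second message is ever parsed. It assumes UDP transport (one datagram carries one message); the function names and sample messages are constructed for illustration.

```python
import re

PRI_RE = re.compile(rb"^<(\d{1,3})>")                            # <PRI> header
CISCO_RE = re.compile(rb"%(PIX|ASA)-(\d)-(\d{6}): ?(.*)", re.S)  # e.g. %ASA-6-302013

def normalize(datagram: bytes):
    """Strip the trailing LF/CR/NUL that PIX and ASA append.

    Assumption: UDP transport, so the LF is padding and not a record
    separator. Returns None when nothing is left after stripping.
    """
    body = datagram.rstrip(b"\r\n\x00")
    return body or None

def parse(message: bytes) -> dict:
    """Split PRI into facility/severity and pick out a PIX/ASA message ID."""
    m = PRI_RE.match(message)
    if m is None or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    pri, rest = int(m.group(1)), message[m.end():]
    record = {"facility": pri >> 3, "severity": pri & 7,
              "device": None, "msg_id": None,
              "text": rest.decode("ascii", "replace")}
    tag = CISCO_RE.search(rest)
    if tag:
        record.update(device=tag.group(1).decode(), msg_id=tag.group(3).decode(),
                      text=tag.group(4).decode("ascii", "replace"))
    return record

def process(datagrams):
    """Parse each datagram once; empty or malformed ones are counted, not parsed."""
    records, skipped = [], 0
    for d in datagrams:
        msg = normalize(d)
        if msg is None:
            skipped += 1
            continue
        try:
            records.append(parse(msg))
        except ValueError:
            skipped += 1
    return records, skipped

# Constructed sample datagrams (not captured from a real device).
SAMPLES = [
    b"<166>%ASA-6-302013: Built outbound TCP connection 7 for outside:192.0.2.10/443\n",
    b"<189>42: %SYS-5-CONFIG_I: Configured from console by vty0",
    b"\n",
]
```

The same `process` call handles the firewall-style message with a LF and the router-style message without one, so a mixed device population does not need per-source handling.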