ee_lcpaa
asked on
SYSLOG message format
Hi all,
I am using SolarWinds Event Log Forwarder to send Windows logs to a Kiwi syslog server.
Below is one message extracted from the Kiwi syslog archive.
2016-12-07 18:47:23 User.Warning main_dbserver Dec 07 18:47:23 main_dbserver.xxx.com.hk MSWinEventLog 4 Application 31214 Wed Dec 07 18:47:23 2016 1000 VMware Tools S-1-5-18 N/A Warning main_dbserver.xxx.com com.hk 0 [ warning] [vmsvc:autoUpgrade] vmx returned Autoupgrade is not supported for guest.initiateUpgradeAtShutdown.
The above message contains three timestamps.
May I know why there are three timestamps? Currently, I guess that the 1st timestamp is when the message was saved on the SYSLOG server.
The 2nd timestamp (no idea). The 3rd timestamp should be the Windows event log timestamp.
In addition, what is 31214? It seems that this is an internal ID, not useful.
Please advise. Thanks a lot.
Any additional info on this question?
Dan
The 31214 is most likely the process id of the task that generated the error.
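The three timestamps in the archived line from the question can be separated and compared, which is useful when building an incident timeline from forwarded Windows events. This is an added example, not part of the original thread; it assumes the first timestamp is written by the Kiwi archive on receipt, the second is the syslog header timestamp set by the forwarder, and the third is the event time inside the MSWinEventLog payload. The sample line (with a placeholder host name) and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the message in the question; host name is a placeholder.
SAMPLE = ("2016-12-07 18:47:23 User.Warning main_dbserver "
          "Dec 07 18:47:23 main_dbserver.example.test MSWinEventLog 4 Application 31214 "
          "Wed Dec 07 18:47:23 2016 1000 VMware Tools S-1-5-18 N/A Warning ...")

# Assumed layout: <archive time> <facility.level> <source> <syslog header time> <host> MSWinEventLog ...
LINE = re.compile(
    r"^(?P<received>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"    # written by the collector
    r"(?P<priority>\w+\.\w+)\s+(?P<source>\S+)\s+"
    r"(?P<header>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2})\s+"    # syslog header, carries no year
    r"(?P<host>\S+)\s+MSWinEventLog\s+.*?"
    r"(?P<event>[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \d{4})"  # event time
)

def timestamps(line):
    """Return the three timestamps as naive datetimes (none carries a time zone)."""
    m = LINE.match(line)
    if m is None:
        raise ValueError("line does not match the assumed layout")
    received = datetime.strptime(m["received"], "%Y-%m-%d %H:%M:%S")
    # The header timestamp has no year, so borrow it from the archive time.
    header = datetime.strptime(f"{received.year} {m['header']}", "%Y %b %d %H:%M:%S")
    # A December header archived in January would otherwise land a year in the future.
    if header - received > timedelta(days=1):
        header = header.replace(year=header.year - 1)
    event = datetime.strptime(m["event"], "%a %b %d %H:%M:%S %Y")
    return {"received": received, "header": header, "event": event}

def delays(line):
    """Seconds between event and forwarding, and between forwarding and archiving."""
    t = timestamps(line)
    return {
        "event_to_header": int((t["header"] - t["event"]).total_seconds()),
        "header_to_received": int((t["received"] - t["header"]).total_seconds()),
    }

if __name__ == "__main__":
    print(timestamps(SAMPLE))
    print(delays(SAMPLE))
```

Large or negative delays usually point to clock drift or a time zone mismatch between the Windows host and the collector, since all three values are local times without an offset.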