Hi! Am Freitag, 22. August 2014 11:11:12 UTC+2 schrieb Martin Schütte: > > > have tried to use Syslog UDP input without logstash, and there are also > > these 2 fields "facility" = "unknown" and "level" = "Invalid [-1]" > > (values are different from GELF). "Version" is gone. > > That is another topic; BSD Syslog [RFC3164] messages have a facility and > a severity level as mandatory metadata. > I do not know for sure, but I would expect the syslog input module to > look for these and insert default values if they cannot be parsed. >
Exactly. The Graylog2 syslog inputs should be able to process structured syslog messages according to RFC 5424 and unstructured syslog messages (classic BSD) according to RFC 3164. If the facility and level attributes can't be processed, it's probably a strange syslog dialect not conforming to any of the aforementioned RFCs. Ellyas, could you please provide a sample of the syslog messages you're sending to Graylog2? Cheers, Jochen -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
