Syslog and gelf are formats (and transmission protocols) of log messages. These formats needs mandatory fields. You cannot get rid of these fields. Some fields may ne usefull for you as timestamp or level... But useless ones for you will stay in your system.
Nicolas. Le 22 août 2014 11:25, "Jochen Schalanda" <[email protected]> a écrit : > Hi! > > Am Freitag, 22. August 2014 11:11:12 UTC+2 schrieb Martin Schütte: >> >> > have tried to use Syslog UDP input without logstash, and there are also >> > these 2 fields "facility" = "unknown" and "level" = "Invalid [-1]" >> > (values are different from GELF). "Version" is gone. >> >> That is another topic; BSD Syslog [RFC3164] messages have a facility and >> a severity level as mandatory metadata. >> I do not know for sure, but I would expect the syslog input module to >> look for these and insert default values if they cannot be parsed. >> > > Exactly. The Graylog2 syslog inputs should be able to process structured > syslog messages according to RFC 5424 and unstructured syslog > messages (classic BSD) according to RFC 3164. > > If the facility and level attributes can't be processed, it's probably a > strange syslog dialect not conforming to any of the aforementioned RFCs. > > Ellyas, could you please provide a sample of the syslog messages you're > sending to Graylog2? > > > Cheers, > Jochen > > -- > You received this message because you are subscribed to the Google Groups > "graylog2" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
