Hi Luis,

unfortunately not all devices really send valid syslog messages even if their vendors say so. If our syslog parser doesn't work with the syslog messages generated by these devices out of the box, you could use custom extractors (see http://www.graylog2.org/resources/documentation/general/extractors) to get the important information out of these lines of text nonetheless.

Cheers,
Jochen

On Wednesday, 5 November 2014 16:31:56 UTC+1, Luis G wrote:
>
> I'd like to use this as a syslog interface for our entire company to use
> but there's some issues I'd like to know if anyone shares and has a remedy.
>
> Here's some "full_message" logs:
> Source: "on"
> <190>2014 Nov 5 09:54:45 c9-20-b2-1.jfk3 DHCP: snooping on untrusted port 1/1/30, type 5, VRF 0, drop packet
> <190>2014 Nov 5 09:54:45 c9-20-b2-1.jfk3 DHCP: snooping on untrusted port 1/1/2, type 5, VRF 0, drop packet
> <190>2014 Nov 5 09:54:45 c9-20-b2-1.jfk3 DHCP: snooping on untrusted port 1/1/46, type 5, VRF 0, drop packet
>
> Source: "untrusted"
> <190>97d07h18m04s:c2-15-b2-1.pnj1 DHCP: snooping on untrusted port 1/1/23, type 5, VRF 0, drop packet
>
> Source: "fan"
> <188>37d16h58m25s:c1-3-b2-1.pnj1 System:Stack unit 1 Fan speed changed automatically to 1
>
> Source: "c8-19-b2-1-SA.jfk3"
> <189>Nov 5 09:50:44 c8-19-b2-1-SA.jfk3 OSPFv3 originate LSA, rid 10.61.64.176, area 0.0.0.0, LSA type Network, LSA id 0.0.0.65, LSA router id 10.61.64.176
> <189>Nov 5 09:50:44 c8-19-b2-1-SA.jfk3 OSPFv3 originate LSA, rid 10.61.64.176, area 0.0.0.0, LSA type IntraPrefix, LSA id 0.0.1.69, LSA router id 10.61.64.176
> <189>Nov 5 09:50:44 c8-19-b2-1-SA.jfk3 OSPFv3 originate LSA, rid 10.61.64.176, area 0.0.0.0, LSA type Link, LSA id 0.0.0.65, LSA router id 10.61.64.176
>
> Source: "c11-2-b2-1.jfk3"
> <188>Nov 5 09:50:39 c11-2-b2-1.jfk3 System:Stack unit 1 Fan speed changed automatically to 2
>
> My devices don't report any other way and it appears to be a different
> format based on the syslog message level.
>
> I see the difference in the timestamp format, but how can I fix this?
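
Added example, not part of the original thread and not Graylog's own parser or extractor configuration: a Python illustration of the regular expressions a custom extractor would need to pull priority, timestamp, host and message out of the three header variants in the quoted logs. The variant names, field names and the `parse` function are assumptions made for this example.

```python
import re

# Sample lines constructed from the logs quoted in the thread above.
SAMPLES = [
    "<190>2014 Nov 5 09:54:45 c9-20-b2-1.jfk3 DHCP: snooping on untrusted port 1/1/30, type 5, VRF 0, drop packet",
    "<190>97d07h18m04s:c2-15-b2-1.pnj1 DHCP: snooping on untrusted port 1/1/23, type 5, VRF 0, drop packet",
    "<188>Nov 5 09:50:39 c11-2-b2-1.jfk3 System:Stack unit 1 Fan speed changed automatically to 2",
]

PRI = r"<(?P<pri>\d{1,3})>"
HOST = r"(?P<host>[A-Za-z0-9][A-Za-z0-9._-]*)"
CLOCK = r"[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}"
REST = r" (?P<msg>.*)"

# One pattern per header variant seen in the samples (names are hypothetical).
VARIANTS = [
    # "<PRI>2014 Nov 5 09:54:45 host msg": a year precedes the BSD timestamp
    ("year_prefixed", re.compile(PRI + r"(?P<ts>\d{4} " + CLOCK + r") " + HOST + REST)),
    # "<PRI>Nov 5 09:50:44 host msg": the plain BSD-style header
    ("bsd", re.compile(PRI + r"(?P<ts>" + CLOCK + r") " + HOST + REST)),
    # "<PRI>97d07h18m04s:host msg": device uptime instead of wall-clock time
    ("uptime", re.compile(PRI + r"(?P<ts>\d+d\d{2}h\d{2}m\d{2}s):" + HOST + REST)),
]


def parse(line):
    """Return the extracted fields as a dict, or None if no variant matches."""
    line = line.strip()
    for name, rx in VARIANTS:
        m = rx.fullmatch(line)
        if m is None:
            continue
        pri = int(m["pri"])
        if pri > 191:  # PRI = facility * 8 + severity, facility at most 23
            return None
        return {
            "variant": name,
            "facility": pri >> 3,
            "severity": pri & 7,
            "timestamp": m["ts"],  # uptime values carry no calendar date
            "host": m["host"],
            "message": m["msg"],
        }
    return None  # count these upstream instead of guessing a source


if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse(sample))
```

Lines that match no variant return `None`, so they can be counted and reviewed rather than stored under a wrong source.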
