Hi, and what exactly is the problem with the given message? You have to describe your problem in detail if you want to get help.
FWIW, that line in the full_message field isn't a valid syslog message according to RFC 3164 or RFC 5424, so the standard syslog input/parser won't make much sense out of it. You'll probably need to use a Raw UDP input and then use some extractors to get the information you want.

Cheers,
Jochen

On Tuesday, 15 March 2016 10:24:29 UTC+1, kaiser wrote:
> Hello Jochen,
>
> I am using graylog 1.3.3
> I have an input for cisco with udp protocol.
> full_message is set in the input
>
> Here is an example:
>
> application_name
> [user:
>
> facility
> syslogd
>
> full_message
> <45>36551: Feb 5 23:45:44: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success
> [user: _user1] [Source: X.X.X.X] [localport: 22] at 23:45:44 TZ Fri Feb 5
> 2016
>
> gl2_remote_ip
> X.X.X.X
>
> gl2_remote_port
> 1069
>
> level
> 5
>
> message
> [Source: X.X.X.X] [localport: 22] at 23:45:44 TZ Fri Feb 5 2016
>
> cheers.
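
Added example, not part of the thread and not Graylog code: a Python illustration of the fields a set of extractors on a Raw UDP input would have to pull out of the quoted full_message, and of why that line does not fit the RFC 3164 header layout. The regexes, function names and the simplified RFC 3164 check are assumptions made for this example; the patterns would need adapting to Graylog's own extractor syntax.

```python
import re

# Constructed sample: the full_message value quoted in the thread, on one line.
SAMPLE = (
    "<45>36551: Feb 5 23:45:44: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success "
    "[user: _user1] [Source: X.X.X.X] [localport: 22] "
    "at 23:45:44 TZ Fri Feb 5 2016")

# Simplified RFC 3164 header check: <PRI>Mmm dd hh:mm:ss HOSTNAME ...
RFC3164 = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \S+ ")

# Layout of the line in the thread:
# <PRI>seq: Mmm d hh:mm:ss: %FACILITY-SEVERITY-MNEMONIC: text
CISCO = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<seq>\d+): "
    r"(?P<timestamp>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$")

# Bracketed "[key: value]" pairs inside the free-text part.
PAIR = re.compile(r"\[(?P<key>[^:\]]+): (?P<value>[^\]]*)\]")

def is_rfc3164(line):
    """True if the line starts with the <PRI>TIMESTAMP HOSTNAME header."""
    return RFC3164.match(line) is not None

def extract(line):
    """Return a dict of fields for the layout above, or None if it does not match."""
    m = CISCO.match(line)
    if m is None:
        return None
    fields = m.groupdict()
    pri = int(fields.pop("pri"))
    fields["syslog_facility"] = pri >> 3   # PRI = facility * 8 + level
    fields["syslog_level"] = pri & 7
    fields["seq"] = int(fields["seq"])
    fields["severity"] = int(fields["severity"])
    for p in PAIR.finditer(fields["text"]):
        # setdefault: device-supplied keys never overwrite the header fields
        fields.setdefault(p.group("key").strip().lower(), p.group("value"))
    return fields

if __name__ == "__main__":
    print(is_rfc3164(SAMPLE))
    print(extract(SAMPLE))
```

The sequence number directly after the PRI is what breaks the RFC 3164 layout; PRI 45 decodes to facility 5 and level 5, matching the facility (syslogd) and level fields shown in the quoted message.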
