Hello, I'm have a problem with the format of syslog messages sent from an Aruba Instant <http://www.arubanetworks.com/products/networking/aruba-instant/>device. The following is a sample message:
Apr 28 21:43:59 *2016* 192.168.110.240 stm[1789]: <304055> <ERRS> <###########> |ap| Unexpected stm (Station management) runtime error at wifi_mgmt_recv_frame, 7565, wifi_mgmt_recv_frame:7565: NULL src-mac, frame type=0, subtype=15 The problem has to do with the year, int this case 2016, that is in the message. This causes Graylog to incorrectly identify the various fields. For example, the source becomes the year, the application_name becomes the host/ip address etc. I cannot change the format of the message that the Aruba device sends. I need to strip the year from the message and that should fix this issue. Can I accomplish this using Graylog? -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/22fe13b6-ce97-46ea-8f7e-729e5887c778%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
