Hi Jacob, you can use a Raw/Plaintext TCP or UDP input for this and extract the required information via some extractors, see http://docs.graylog.org/en/2.0/pages/extractors.html for details.
Cheers,
Jochen

On Friday, 29 April 2016 03:49:56 UTC+2, Jacob wrote:
>
> Hello,
>
> I'm having a problem with the format of syslog messages sent from an Aruba
> Instant
> <http://www.arubanetworks.com/products/networking/aruba-instant/> device.
> The following is a sample message:
>
> Apr 28 21:43:59 *2016* 192.168.110.240 stm[1789]: <304055> <ERRS>
> <###########> |ap| Unexpected stm (Station management) runtime error at
> wifi_mgmt_recv_frame, 7565, wifi_mgmt_recv_frame:7565: NULL src-mac, frame
> type=0, subtype=15
>
> The problem has to do with the year, in this case 2016, that is in the
> message. This causes Graylog to incorrectly identify the various fields.
> For example, the source becomes the year, the application_name becomes the
> host/ip address etc.
>
> I cannot change the format of the message that the Aruba device sends. I
> need to strip the year from the message and that should fix this issue. Can
> I accomplish this using Graylog?
>
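The field split discussed in this thread, as an added example that is not part of the original messages and is not Graylog's own code: a small Python parser for the year-bearing line format in the sample, which recovers the intended fields and can also rewrite the line without the year. The field names (other than `source` and `application_name`, which the thread mentions) and the regular expression are assumptions of this example, derived only from the one sample line.

```python
import re
from datetime import datetime

# Constructed from the sample message quoted in the thread; the "*" emphasis
# markers around the year are mail formatting and are left out here.
SAMPLE = ("Apr 28 21:43:59 2016 192.168.110.240 stm[1789]: <304055> <ERRS> "
          "<###########> |ap| Unexpected stm (Station management) runtime error at "
          "wifi_mgmt_recv_frame, 7565, wifi_mgmt_recv_frame:7565: NULL src-mac, "
          "frame type=0, subtype=15")

# Assumed layout: "Mmm dd hh:mm:ss YYYY host tag[pid]: <id> <level> text".
# The year sits where a syslog parser expects the hostname, which is what
# shifts every later field by one position.
ARUBA_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<year>\d{4}) "
    r"(?P<source>\S+) (?P<application_name>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"<(?P<msg_id>\d+)> <(?P<level>[A-Z]+)> (?P<message>.*)$",
    re.DOTALL,
)

def parse_aruba(line):
    """Return the extracted fields, or None if the line is not in this format."""
    m = ARUBA_LINE.match(line.strip())
    if m is None:
        return None
    fields = m.groupdict()
    # Fold the separate year back into a full timestamp.
    stamp = f"{fields.pop('year')} {fields.pop('ts')}"
    fields["timestamp"] = datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
    return fields

def strip_year(line):
    """Drop the year so the line reads 'Mmm dd hh:mm:ss host tag: text'.

    Lines that do not match the year-bearing layout are returned unchanged,
    so ordinary syslog lines passing through are not damaged.
    """
    stripped = line.strip()
    m = ARUBA_LINE.match(stripped)
    if m is None:
        return line
    return stripped[:m.end("ts")] + stripped[m.end("year"):]

if __name__ == "__main__":
    print(parse_aruba(SAMPLE))
    print(strip_year(SAMPLE))
```
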
