Thank you Jochen. At first, I didn't understand the purpose of this approach. But I've since taken your suggestion and are now sending the Aruba syslog messages into a raw/plaintext input. I've since been able to apply grok patterns to extract data. At first this was confusing to me because I was still trying to manipulate the original message by dropping some information, in this case, the year. But instead I extract the parts of the message that I want and search and display the data in a dashboard accordingly.
On Friday, April 29, 2016 at 3:56:08 AM UTC-4, Jochen Schalanda wrote: > > Hi Jacob, > > you can use a Raw/Plaintext TCP or UDP input for this and extract the > required information via some extractors, see > http://docs.graylog.org/en/2.0/pages/extractors.html for details. > > Cheers, > Jochen > > On Friday, 29 April 2016 03:49:56 UTC+2, Jacob wrote: >> >> Hello, >> >> I'm have a problem with the format of syslog messages sent from an Aruba >> Instant >> <http://www.arubanetworks.com/products/networking/aruba-instant/>device. >> The following is a sample message: >> >> Apr 28 21:43:59 *2016* 192.168.110.240 stm[1789]: <304055> <ERRS> >> <###########> |ap| Unexpected stm (Station management) runtime error at >> wifi_mgmt_recv_frame, 7565, wifi_mgmt_recv_frame:7565: NULL src-mac, frame >> type=0, subtype=15 >> >> The problem has to do with the year, int this case 2016, that is in the >> message. This causes Graylog to incorrectly identify the various fields. >> For example, the source becomes the year, the application_name becomes the >> host/ip address etc. >> >> I cannot change the format of the message that the Aruba device sends. I >> need to strip the year from the message and that should fix this issue. Can >> I accomplish this using Graylog? >> > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/6b9f9958-5da0-4f72-96dc-34ed2622dbf5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
