Hi Robert, Cisco appliances don't send valid syslog messages. Please take a look at the extractors functionality in Graylog: http://docs.graylog.org/en/2.0/pages/extractors.html
Cheers, Jochen On Wednesday, 25 May 2016 16:39:40 UTC+2, Robert Craig wrote: > > I've installed two variations of Cisco extractors on Graylog2 (one from > marketplace and other from random blog I found). The Source IP displays > correctly, but it seems not all of the actual syslog message is displayed. > > Example: > I see this in Graylog > 22] at 09:36:18 CDT Wed May 25 2016 > > But it should be this > %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: rlcadm] [Source: X.X.X.X] > [localport: 22] at 09:37:43 CDT Wed May 25 2016 > > Is there anything I can tweak to overcome this issue? Thanks for any help. > > Robert > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/1680e094-1be3-484d-9b48-f3e0c6fce17b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
