The only extractors in there for Cisco are Catalyst and ASA, both of which I am running. Any other ideas?
Robert

On Wednesday, May 25, 2016 at 10:04:30 AM UTC-5, Jochen Schalanda wrote:
>
> Hi Robert,
>
> Cisco appliances don't send valid syslog messages. Please take a look at
> the extractors functionality in Graylog:
> http://docs.graylog.org/en/2.0/pages/extractors.html
>
> Cheers,
> Jochen
>
> On Wednesday, 25 May 2016 16:39:40 UTC+2, Robert Craig wrote:
>>
>> I've installed two variations of Cisco extractors on Graylog2 (one from
>> the marketplace and the other from a random blog I found). The Source IP displays
>> correctly, but it seems not all of the actual syslog message is displayed.
>>
>> Example:
>> I see this in Graylog
>> 22] at 09:36:18 CDT Wed May 25 2016
>>
>> But it should be this
>> %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: rlcadm] [Source: X.X.X.X] [localport: 22] at 09:37:43 CDT Wed May 25 2016
>>
>> Is there anything I can tweak to overcome this issue? Thanks for any help.
>>
>> Robert
>>
>
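Added example, not part of the thread and not taken from any Graylog extractor: a Python sketch of the parsing a regex extractor would need to perform on the login message quoted above, pulling out the `%FACILITY-SEVERITY-MNEMONIC` tag and the bracketed `[key: value]` pairs. The `<189>1234:` framing in the sample, the function name `parse_cisco`, and the simplified tag pattern are assumptions.

```python
import re

# Constructed sample: the message body quoted in the thread, placed behind a
# constructed PRI value and sequence number (that framing is an assumption).
RAW = ("<189>1234: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: rlcadm] "
       "[Source: X.X.X.X] [localport: 22] at 09:37:43 CDT Wed May 25 2016")

# %FACILITY-SEVERITY-MNEMONIC: text   (severity is a single digit, 0-7)
TAG = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): ?"
    r"(?P<text>.*)$",
    re.S,
)
# [key: value] pairs embedded in the free text
PAIR = re.compile(r"\[(?P<key>[A-Za-z ]+): (?P<value>[^\]]*)\]")


def parse_cisco(raw):
    """Return a dict of fields, or None when no %FAC-SEV-MNEMONIC tag exists
    (for example when only the tail of a message has survived)."""
    m = TAG.search(raw)
    if m is None:
        return None
    fields = {
        "facility": m["facility"],
        "severity": int(m["severity"]),
        "mnemonic": m["mnemonic"],
        # Keep everything from the tag onward so no part of the text is lost.
        "message": raw[m.start():].strip(),
    }
    for kv in PAIR.finditer(m["text"]):
        key = kv["key"].strip().lower().replace(" ", "_")
        fields[key] = kv["value"].strip()
    return fields


if __name__ == "__main__":
    print(parse_cisco(RAW))
    # The truncated form seen in Graylog has no tag, so it is flagged as None.
    print(parse_cisco("22] at 09:36:18 CDT Wed May 25 2016"))
```

A `None` result is a cheap way to count messages that arrive without their tag, which is the symptom described in the original question.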
