Hi, this doesn't look like a valid Syslog message (according to RFC 3164 <https://tools.ietf.org/html/rfc3164> or RFC 5424 <https://tools.ietf.org/html/rfc5424>). If your device or syslog daemon doesn't emit valid, RFC-compliant syslog messages, you're probably better off using a Raw/Plaintext input and use extractors to get the required information into structured fields: http://docs.graylog.org/en/2.0/pages/extractors.html
Cheers, Jochen On Wednesday, 31 August 2016 21:18:44 UTC+2, TheKrazyKaveman wrote: > > In the message field, I get this: > > SSLVPN: id=sslvpn sn=SERIAL# time="2016-08-31 14:00:19" > vp_time="2016-08-31 18:00:19 UTC" fw=XX.XX.XX.XX pri=5 m=2 c=2 > src=YY.YY.YY.YY dst=vpn.mydomain.com user="my.user" usr="my.user" > msg="User logged out" active=15 duration=15 agent="SonicWALL Mobile Connect > for Android 4.0.5 (samsung SAMSUNG-SM-G920A; Android 6.0.1; SDK 23; build > 405)" > > On Wednesday, August 31, 2016 at 1:28:39 PM UTC-4, TheKrazyKaveman wrote: >> >> Syslog UDP >> >> On Wednesday, August 31, 2016 at 3:34:40 AM UTC-4, Jochen Schalanda wrote: >>> >>> Hi, >>> >>> if the client is sending those messages directly to Graylog, you could >>> probably use the "hidden" field gl2_remote_ip for this. >>> >>> What kind of Graylog input are you using for receiving those messages? >>> >>> Cheers, >>> Jochen >>> >>> On Tuesday, 30 August 2016 20:52:33 UTC+2, TheKrazyKaveman wrote: >>>> >>>> I'm having some trouble getting the world map widget to work on my >>>> Graylog server. It keeps telling me that I have an invalid geo data term >>>> for field "source": sslvpn:. I know that this is SUPPOSED to be an IP >>>> address, but for some reason it renders the IP addresses as src:. Any >>>> suggestions on how to resolve this? >>>> >>> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/0364d734-5020-4b34-8658-a32c9677ddb8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
