Hi Thomas, Cisco network appliances usually don't send valid syslog messages (according to RFC 3164 or RFC 5424). Try using a Raw/Plaintext UDP input in Graylog instead of the Syslog UDP input and use extractors to get the information you want into structured fields: http://docs.graylog.org/en/2.0/pages/extractors.html
Cheers, Jochen On Thursday, 1 September 2016 11:35:18 UTC+2, Thomas Vahé wrote: > > > cisco-syslog Syslog UDP RUNNING > > > <http://192.168.56.101:9000/system/nodes/15a825da-96b8-4e91-b700-c93710fb2911> > > - allow_override_date:true > - bind_address:0.0.0.0 > - expand_structured_data:false > - force_rdns:false > - override_source:*<empty>* > - port:5140 > - recv_buffer_size:262144 > - store_full_message:false > > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/6489598d-a644-443a-905c-941fc89d8526%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
