Well, I guess you would be right if just those messages were of any standard. But it seems like VMware with ESXi doesn't keep standards high enough. I don't understand how facility and level are provided but not at the very beginning of a message.

<166>2016-09-01T12:06:27.230Z xxx.local Rhttpproxy: [FFD09D90 verbose > 'Proxy Req 57863'] Connected to localhost : 8089

This is the message field of a message received by a Raw Text UDP Input. The same message on a Syslog UDP Input has level 6 and facility 4. I had just a quick look at the source code but couldn't find the correct lines where you extract that information. Well, I understand that this is no high priority - well, more like none at all - but it bugs me badly and I want to solve this s*** somehow. My current workaround works but with a lot of ... work ... and there's more to come on each change.

On Tuesday, 30 August 2016 15:03:32 UTC+2, Jochen Schalanda wrote:
>
> Hi Markus
>
> On Tuesday, 30 August 2016 11:51:48 UTC+2, Markus Fischbacher wrote:
>>
>> I don't see a way to extract syslog levels - they don't come in the
>> message(-string) itself. Level and facility seem to come in additional UDP
>> sections/frames.
>>
>
> If you're using a Raw/Plaintext input, the syslog priority (a number
> encoding facility and level) will be at the very beginning of each message,
> see https://tools.ietf.org/html/rfc5424#section-6.2.1 and
> https://tools.ietf.org/html/rfc5424#section-6.5.
>
> You can extract this using a regex extractor and use the Syslog converters
> on it.
>
>
> Cheers,
> Jochen
>
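
Added example (not part of the original thread and not Graylog's own code): decoding the leading <PRI> value of a raw syslog line into facility and severity as defined in RFC 5424 section 6.2.1, using the sample line quoted in the thread. The function names and the short facility/severity labels are assumptions chosen for this illustration.

```python
import re

# RFC 5424 section 6.2.1: PRI = facility * 8 + severity, 1-3 digits in angle brackets.
PRI_RE = re.compile(r"^<([0-9]{1,3})>")

# Conventional short labels (assumed naming) for the RFC 5424 numeric codes.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The sample line quoted in the thread, as seen by a raw/plaintext UDP input.
SAMPLE = ("<166>2016-09-01T12:06:27.230Z xxx.local Rhttpproxy: "
          "[FFD09D90 verbose > 'Proxy Req 57863'] Connected to localhost : 8089")


def split_pri(raw):
    """Return (facility, severity, rest) or None if no valid PRI is present."""
    m = PRI_RE.match(raw)
    if m is None:
        return None
    digits = m.group(1)
    # RFC 5424 forbids leading zeros except for the single value "0".
    if len(digits) > 1 and digits.startswith("0"):
        return None
    pri = int(digits)
    if pri > 191:  # 23 * 8 + 7 is the largest legal value
        return None
    facility, severity = divmod(pri, 8)
    return facility, severity, raw[m.end():]


def describe(raw):
    """Return 'facility.severity' in short-label form, or 'no-pri'."""
    parsed = split_pri(raw)
    if parsed is None:
        return "no-pri"
    facility, severity, _ = parsed
    return f"{FACILITIES[facility]}.{SEVERITIES[severity]}"


if __name__ == "__main__":
    print(split_pri(SAMPLE)[:2], describe(SAMPLE))
```

For the sample line, the value 166 splits into facility 20 (local4) and severity 6 (info); lines without a well-formed PRI are reported as such instead of being guessed at.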
