OK, so I figured this out myself.

On my Cisco devices, I had the following logging option enabled

logging timestamp

This adds an additional time stamp to every syslog message and that caused 
issues with the extractor I was using.
Once I removed this from the Cisco config, the source field in GrayLog 
showed just the hostname of the device.

Not sure if there is another way of resolving this where 'logging 
timestamp' is still enabled on the Cisco devices?


On Wednesday, 7 September 2016 10:05:17 UTC+8, Thomas wrote:
>
> Does anyone have any suggestions here?
> Am I the only one using this extractor from the Market Place and that is 
> having this issue?
>
>
> On Friday, 2 September 2016 11:11:09 UTC+8, Thomas wrote:
>>
>> Community
>>
>> I have created a new extractor using the following
>>
>> https://marketplace.graylog.org/addons/90396261-812c-4fa8-ad8f-a17771c9f8e0
>>
>> I am receiving syslog messages from my Cisco equipment, however the 
>> "source" field in GrayLog contains more than just the name of the source 
>> field.
>> It includes date information as well.
>>
>>
>> I'll give you an example
>>
>> Syslog message from my Cisco 4507 switch
>>
>> 9/1/2016 3:07 AM : C4K_REDUNDANCY-5-CONFIGSYNC  215: 4507-HOSTNAME: .Sep 
>>  1 03:07:14 EST-DST: %C4K_REDUNDANCY-5-CONFIGSYNC: The startup-config has 
>> been successfully synchronized to the standby supervisor
>>
>> The source field in GrayLog is as follows
>>
>> 215: 4507-HOSTNAME: .Sep 1 03:07:14 EST-DST:
>>
>> Messages from my Cisco ASA5500 have the following source field
>> Sep 01 2016 22:58:05 5500-FW1 :
>>
>>
>> RegEx for the source field is as follows, which is unchanged from the 
>> extractor
>>
>>
>> "regex_value": ">(.+?)%"
>>
>> Any suggestions as to how this can be resolved such that only the host name 
>> is included in the source field?
>>
>>
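
Added example, not part of the original thread and not the Marketplace extractor's own code: a Python sketch of why `>(.+?)%` picks up the timestamp, and of pulling only the hostname out of the two layouts quoted above while timestamps stay enabled. The `<PRI>` values, the hostname-only line and the two layout patterns are assumptions made for illustration.

```python
import re

# Pattern quoted in the thread: everything between the ">" that closes the
# syslog priority and the first "%".
ORIGINAL = re.compile(r">(.+?)%")

# Cisco-style timestamp: optional "*"/"." marker, month, day, optional year, time.
TS = r"[*.]?[A-Z][a-z]{2}\s+\d{1,2}(?:\s+\d{4})?\s+\d{2}:\d{2}:\d{2}(?:\.\d+)?"
HOST = r"([A-Za-z0-9][A-Za-z0-9._-]*)"

# Hypothetical layout patterns, anchored so an unknown layout is rejected
# instead of producing a wrong source value.
TS_THEN_HOST = re.compile("^" + TS + r"\s+" + HOST + r"\s*:?$")
HOST_THEN_TS = re.compile(
    r"^(?:\d+:\s*)?" + HOST + r"\s*:(?:\s*" + TS + r"(?:\s+[A-Z][A-Z-]*)?\s*:?)?$"
)

# Constructed raw lines modelled on the messages quoted in the thread.
SAMPLES = [
    "<189>215: 4507-HOSTNAME: .Sep  1 03:07:14 EST-DST: "
    "%C4K_REDUNDANCY-5-CONFIGSYNC: The startup-config has been synchronized",
    "<166>Sep 01 2016 22:58:05 5500-FW1 : %ASA-6-000000: constructed text",
    "<189>4507-HOSTNAME: %C4K_REDUNDANCY-5-CONFIGSYNC: constructed text",
]


def source_fields(raw):
    """Return (text the original pattern captures, hostname only or None)."""
    m = ORIGINAL.search(raw)
    if m is None:
        return None, None
    captured = m.group(1).strip()
    for pattern in (TS_THEN_HOST, HOST_THEN_TS):
        hit = pattern.match(captured)
        if hit:
            return captured, hit.group(1)
    return captured, None  # unknown layout: do not guess a hostname


if __name__ == "__main__":
    for line in SAMPLES:
        captured, host = source_fields(line)
        print(f"original: {captured!r}\n    host: {host!r}")
```

Graylog evaluates extractor regexes with Java's regex engine, so any pattern adapted from this sketch should be checked against real messages in the extractor preview before it is saved.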
