[ https://issues.apache.org/jira/browse/NIFI-12055?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17766007#comment-17766007 ]
Otto Fowler commented on NIFI-12055:
------------------------------------
I am not sure what you mean. I see the <38> in all the messages. I wrote a
test using the bytes from Wireshark and saw the one succeed and rest fail as
you did.
I don't think the failures have anything to do with the facility etc.
Sometimes things don't include the hostname in the syslog by default and you
have to enable it by configuration. If you can figure out how to do this on your
source side it will be yummy.
You can write a custom GROK to parse these messages without the hostname part
for sure though.
> ListenSyslog: Parse Messages didn't recognize some of the syslogevents
> ----------------------------------------------------------------------
>
> Key: NIFI-12055
> URL: https://issues.apache.org/jira/browse/NIFI-12055
> Project: Apache NiFi
> Issue Type: Task
> Components: Extensions
> Affects Versions: 1.23.2
> Environment: Debian VM
> Reporter: Dirk Mader
> Priority: Major
> Fix For: 1.23.2
>
> Attachments: dump_syslog.tcpd
>
>
> I tested with an OpenBSD Current to send syslog to ListenSyslog.
> But most of the Events are running into "invalid".
> In the attached tcpdump are 4 Events: 3 of them will be marked as *invalid* by
> "Parsing Messages", 1 of them is marked as *success*
> The success message is {{"the last message repeated 2 times"}}
> The only change in properties was the UDP Port to 5140
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
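
The hostname-less case discussed in the comment above, as an added example that is not part of the original message and is not NiFi's own code. The sample lines, the peer address and the "strict" pattern are constructed assumptions (the strict pattern is not NiFi's actual regex); the fallback patterns show the kind of expression a custom Grok pattern would encode.

```python
import re

# Constructed sample lines in BSD syslog style; not taken from the attached capture.
SAMPLES = [
    "<38>Sep 18 10:15:02 sshd[4242]: Accepted publickey for demo from 192.0.2.10",
    "<38>Sep 18 10:15:09 last message repeated 2 times",
    "<38>Sep 18 10:15:11 gw01 sshd[4242]: Connection closed by 192.0.2.10",
]

HEAD = r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
# Assumed strict pattern: a hostname token is mandatory before the message body.
WITH_HOST = re.compile(HEAD + r"(?P<host>\w[\w.@-]*) (?P<body>.*)$")
# Fallback for senders that omit the hostname: "tag[pid]: body" follows the timestamp.
NO_HOST = re.compile(HEAD + r"(?P<tag>[^\s:\[\]]+)(?:\[(?P<pid>\d+)\])?: (?P<body>.*)$")
# Repeat notices carry neither hostname nor tag; a strict pattern reads "last" as the host.
REPEAT = re.compile(HEAD + r"(?P<body>last message repeated \d+ times)$")


def strict_parse(line):
    """Mimic a parser that only accepts the hostname-bearing layout."""
    m = WITH_HOST.match(line)
    return m.groupdict() if m else None


def tolerant_parse(line, peer):
    """Try the hostless layouts first, then the strict one; peer is the sender address."""
    for pattern in (REPEAT, NO_HOST, WITH_HOST):
        m = pattern.match(line)
        if m:
            break
    else:
        return None
    # Without a hostname in the message, attribute the event to the sending address.
    event = {"host": peer, "tag": None, "pid": None, **m.groupdict()}
    pri = int(event.pop("pri"))
    # PRI = facility * 8 + severity, so <38> is facility 4 (auth), severity 6 (info).
    event["facility"], event["severity"] = divmod(pri, 8)
    return event


if __name__ == "__main__":
    for line in SAMPLES:
        print("strict:  ", strict_parse(line))
        print("tolerant:", tolerant_parse(line, peer="192.0.2.1"))
```

Under the strict pattern the repeat notice is the only hostless line that matches, and only because "last" is read as the hostname, so a match there does not mean the source field is trustworthy.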