Hi Anthony,

Probably Graylog2 is expecting standards-compliant syslog, i.e. as per RFC 3164.
Even though "cisco" is on the list of authors for RFC 3164, they can't get the
format right. Every other Cisco device will send some variation of a timestamp
that's non-standards-compliant. This is yet another example:

  2014 Jun 2 16:40:24 UTC

See here for more:
http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html#sources_device_cisco

Note that the configuration you pasted below does not alter the original
message (in $raw_event) and it is passed on as-is. Thus parse_syslog() is
useless.

If you want to fix the issue you can either:
 * configure Cisco to send syslog that Graylog2 can parse
 * fix the format in nxlog.conf by parsing the datetime using strptime() and
   rewriting the message to proper syslog.

Regards,
Botond

On Mon, 2 Jun 2014 17:14:29 +0000
"Nixon, Anthony S." <asni...@midrex.com> wrote:

> First let me say what a great app this is. I found this in an article about
> using Graylog2 and NXLog together. What I am finding is that the
> hostname/source name is being somehow stripped from the message as Graylog2
> gets it. NXLog is installed on the same server as Graylog2 and I have tried
> several different methods of sending to the host/Graylog2. Is there a way to
> just send the message unedited from NXLog? I'm not sure what to do here. Is
> there a format that I need to do in NXLog to make sure Graylog2 gets
> everything?
>
> ########################################
> # Modules                              #
> ########################################
>
> # NXlog syslog extension activation (needed to receive syslog messages)
> <Extension _syslog>
>     Module xm_syslog
> </Extension>
>
> <Extension gelf>
>     Module xm_gelf
> </Extension>
>
> <Extension json>
>     Module xm_json
> </Extension>
>
> <Input udp_in>
>     Module im_udp
>     Port 514
>     Host 0.0.0.0
>     Exec parse_syslog();
> </Input>
>
> <Processor buffer_udp>
>     Module pm_buffer
>     MaxSize 1024
>     Type Mem
>     WarnLimit 512
> </Processor>
>
> # NXlog output to forward everything to GrayLog2 listening on Localhost port 5514.
> <Output tcp_out>
>     Module om_tcp
>     Port 5514
>     Host XXX.XXX.XXX.132 (this is the ip of the syslog server. I have
>     tried localhost and the hostname as well with no luck)
> </Output>
>
> ########################################
> # Routes                               #
> ########################################
> <Route udp>
>     Path udp_in => buffer_udp => tcp_out
> </Route>
>
>
> Message from Cisco switch:
>
> 2014 Jun 2 16:40:24 N5K-A %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user admin from 192.168.5.18 - sshd[27241]
>
>
> Message as seen from Graylog2:
>
> <187>: 2014 Jun 2 16:40:24 UTC: %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user admin from 192.168.5.18 - sshd[27241]
>
> _______________________________________________
> nxlog-ce-users mailing list
> nxlog-ce-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
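
The rewrite suggested in the reply (parse the year-first Cisco timestamp with strptime, then re-emit an RFC 3164 header) is sketched below in Python as an added example; it is not part of the original thread and is not nxlog configuration. The names `CISCO_RE` and `to_rfc3164` and the sender address 192.0.2.10 are assumptions made for illustration.

```python
import re
from datetime import datetime

# The two lines quoted in the thread: as the switch emits it, and as shown in Graylog2.
SWITCH_LINE = ("2014 Jun 2 16:40:24 N5K-A %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:"
               "Authentication failed for user admin from 192.168.5.18 - sshd[27241]")
RELAYED_LINE = ("<187>: 2014 Jun 2 16:40:24 UTC: %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:"
                "Authentication failed for user admin from 192.168.5.18 - sshd[27241]")

CISCO_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>:?\s*)?"                           # optional <PRI>, stray ':'
    r"(?P<ts>\d{4} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2})"  # year-first timestamp
    r"(?: [A-Z]{2,5}:)?\s+"                                    # optional zone such as 'UTC:'
    r"(?:(?P<host>[^\s%:]+)\s+)?"                              # hostname, if the device sent one
    r"(?P<msg>%.*)$"                                           # Cisco %FACILITY-SEV-MNEMONIC text
)


def to_rfc3164(raw, sender, default_pri=13):
    """Rewrite a Cisco-style line as '<PRI>Mmm dd hh:mm:ss HOST MSG'.

    sender is the address the datagram came from; it is used as HOSTNAME when
    the device sent none. Returns None when the line is not in the Cisco
    shape, so the caller can forward it unchanged.
    """
    m = CISCO_RE.match(raw.strip())
    if m is None:
        return None
    # Collapse padding before strptime; %b assumes English month names (C locale).
    ts = datetime.strptime(" ".join(m["ts"].split()), "%Y %b %d %H:%M:%S")
    # A missing or out-of-range PRI becomes 13 (user.notice), the value
    # RFC 3164 tells a relay to insert.
    pri = int(m["pri"]) if m["pri"] else default_pri
    if pri > 191:
        pri = default_pri
    # RFC 3164 TIMESTAMP has no year and no zone; the day is space-padded.
    stamp = f"{ts:%b} {ts.day:2d} {ts:%H:%M:%S}"
    host = m["host"] or sender
    return f"<{pri}>{stamp} {host} {m['msg']}"


if __name__ == "__main__":
    for line in (SWITCH_LINE, RELAYED_LINE):
        print(to_rfc3164(line, sender="192.0.2.10"))  # constructed sender address
```

The zone label is discarded because the RFC 3164 header has no field for it, so the receiver will interpret the time according to its own configuration.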