Status: Closed (gruselglatz closed this 8 years ago)
What do you mean by "TraditionalFormat"? Please send an example message. Thank you!
It's called TraditionalFormat in the syslog config. These are systems like VMware ESXi, Loadbalancer.org and Cisco equipment. But the Ciscos I have solved with the Cisco content-pack.

<166>2015-10-22T07:31:08.247Z vmwareesx11.xyz.local Hostd: info hostd[68C06B70] [Originator@6876 sub=Vimsvc.TaskManager opID=3593feec-f8-627f user=vpxuser:VSPHERE.LOCAL\vpxd-extension-4b227570-1ffb-11e5-94ea-005056ad6639] Task Completed : haTask-ha-host-vim.HostSystem.acquireCimServicesTicket-17999 Status success

Another example:

<27>mpscmdr: Client: xy:xy:yx:yx:yx:Enrollment Processing Failed - reason: Trying to provision an unknown MTA device

Both examples are non-standard syslog messages and cannot really be parsed by our syslog inputs. So using a raw message input and extractors is the way to go currently.
Please see our documentation on extractors on how to do this. (There is also documentation for Grok.) http://docs.graylog.org/en/1.2/pages/extractors.html
You will probably have more luck asking for existing extractors on our mailing list.
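As an added illustration (not Graylog code and not written by anyone in this thread), the Python sketch below splits the two messages quoted above into the fields a set of extractors on a raw input would need to produce. The function name `parse_line` and the output field names are hypothetical, and the pattern covers only the two shapes shown in this thread.

```python
import re
from datetime import datetime

SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")
# <PRI>, an optional "ISO-8601-timestamp hostname" pair, an optional "tag[pid]:", then text.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?:(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:\.\d+)?(?:Z|[+-]\d\d:\d\d))\s+(?P<host>\S+)\s+)?"
    r"(?:(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:\s*)?"
    r"(?P<msg>.*)$", re.DOTALL)
KV_RE = re.compile(r"(\w+)=([^\s\]]+)")    # key=value pairs such as sub=, opID=, user=
CTRL_RE = re.compile(r"[\x00-\x1f\x7f]")   # control characters, including CR and LF

# The two messages quoted in this thread.
SAMPLE_ESXI = (
    r"<166>2015-10-22T07:31:08.247Z vmwareesx11.xyz.local Hostd: info hostd[68C06B70] "
    r"[Originator@6876 sub=Vimsvc.TaskManager opID=3593feec-f8-627f "
    r"user=vpxuser:VSPHERE.LOCAL\vpxd-extension-4b227570-1ffb-11e5-94ea-005056ad6639] "
    r"Task Completed : haTask-ha-host-vim.HostSystem.acquireCimServicesTicket-17999 Status success")
SAMPLE_MTA = ("<27>mpscmdr: Client: xy:xy:yx:yx:yx:Enrollment Processing Failed - "
              "reason: Trying to provision an unknown MTA device")


def parse_line(raw):
    """Return a dict of fields for one raw message, or None if it has no valid <PRI>."""
    m = LINE_RE.match(raw.strip())
    if m is None or int(m["pri"]) > 191:   # facility 23, severity 7 is the highest PRI
        return None
    pri = int(m["pri"])
    ts = None
    if m["ts"]:
        try:
            ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        except ValueError:
            pass                            # unparseable: fall back to receive time
    # Device-supplied text is untrusted: escape control characters so an embedded
    # newline cannot appear as a second log entry downstream.
    msg = CTRL_RE.sub(lambda c: "\\x%02x" % ord(c.group()), m["msg"])
    return {
        "facility": pri >> 3,               # PRI = facility * 8 + severity
        "severity": SEVERITIES[pri & 7],
        "timestamp": ts,
        "host": m["host"],
        "tag": m["tag"],
        "message": msg,
        "fields": dict(KV_RE.findall(msg)),
    }
```

For the second message, `host` and `timestamp` come back as `None`, so the collector has to fill them in from the sender address and the receive time.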
Hi, we have some old, closed systems and we face the problem of getting only TraditionalFormat styled syslog messages. Currently we capture it on a Raw/Plaintext input.
Is there someone out there who has already built an extractor set for this syslog format? I've tried some Grok extraction but I always get the error: We were not able to run the grok extraction. Please check your parameters.
But I think it would be nice if you could add an extractor pack to the Marketplace or something for this format. I searched for this issue but I didn't find anything. I can't be the only one with this problem?!
On Graylog 1.2.1. Thanks, Rene