crowdsecurity / crowdsec

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
https://crowdsec.net
MIT License
9.13k stars 473 forks

syslog acquisition: allow to forward the "raw" messages to parsers #2638

Open blotus opened 11 months ago

blotus commented 11 months ago

The syslog acquisition module tries to be a little bit too "smart" and reconstructs an RFC3164 syslog line based on what was read from the network.

But it fails often if your syslog messages are not fully compliant with either RFC3164 or RFC5424. In some cases, this totally prevents you from parsing the logs properly.

We should add a new configuration option in the syslog datasource to forward the message without trying to reconstruct the content after reading it from the network (but still after basic syslog parsing, such as the priority or any field that does not appear in the standard textual representation of a syslog message).
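
An added example, not CrowdSec's code and not part of the original issue: it decodes only the syslog priority and keeps the rest of the datagram byte for byte, then shows that a strict RFC3164 header check rejects a message the raw path still forwards intact. The names `RawSyslog`, `ParsePriority` and `HasRFC3164Header` and the sample log line are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// RawSyslog keeps what the <PRI> header encodes plus the untouched remainder.
type RawSyslog struct {
	Facility, Severity int
	Raw                string // everything after "<PRI>", exactly as received
}

// ParsePriority decodes the leading "<PRI>" (0-191) and leaves the rest alone.
func ParsePriority(datagram string) (RawSyslog, error) {
	end := strings.IndexByte(datagram, '>')
	if len(datagram) == 0 || datagram[0] != '<' || end < 2 || end > 4 {
		return RawSyslog{}, errors.New("malformed priority header")
	}
	pri := 0
	for _, c := range datagram[1:end] {
		if c < '0' || c > '9' {
			return RawSyslog{}, errors.New("non-digit in priority")
		}
		pri = pri*10 + int(c-'0')
	}
	if pri > 191 {
		return RawSyslog{}, errors.New("priority out of range")
	}
	return RawSyslog{Facility: pri / 8, Severity: pri % 8, Raw: datagram[end+1:]}, nil
}

// HasRFC3164Header reports whether raw starts with "Mmm dd hh:mm:ss ".
func HasRFC3164Header(raw string) bool {
	if len(raw) < 16 || raw[15] != ' ' {
		return false
	}
	_, err := time.Parse(time.Stamp, raw[:15])
	return err == nil
}

func main() {
	// Constructed sample: ISO timestamp, so neither RFC3164 nor RFC5424.
	m, err := ParsePriority("<134>2023-12-01T10:00:00Z fw01 action=drop src=192.0.2.10")
	fmt.Println(m.Facility, m.Severity, HasRFC3164Header(m.Raw), m.Raw, err)
}
```

Because `Raw` is never rewritten, a downstream parser sees the sender's own timestamp and field layout rather than a rebuilt header.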

github-actions[bot] commented 11 months ago

@blotus: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

  1. Check Crowdsec Documentation to see if your issue can be self resolved.
  2. You can also join our Discord.
  3. Check Releases to make sure your agent is on the latest version.

I am a bot created to help the [crowdsecurity](https://github.com/crowdsecurity) developers manage community feedback and contributions. You can check out my [manifest file](https://github.com/crowdsecurity/crowdsec/blob/master/.github/governance.yml) to understand my behavior and what I can do. If you want to use this for your project, you can check out the [BirthdayResearch/oss-governance-bot](https://github.com/BirthdayResearch/oss-governance-bot) repository.

github-actions[bot] commented 11 months ago

@blotus: There is no 'kind' label on this issue. You need a 'kind' label to start the triage process.
