The new Cisco IOS-XE devices have an option to send syslog using RFC5424 with the command "logging trap syslog-format rfc5424".
I'm sending syslogs directly to promtail and can see them in Loki etc., but I'm only getting the Host field populated and not the severity, and I believe I need a regex pipeline to get this. I've been struggling to get it working. Anyone know how I can get the severity and hostname field out of this syslog?
<190>1 2024-07-29T12:27:05.335Z CUBE - - - - BOM%SYS-6-PRIVCFG_ENCRYPT_SUCCESS: Successfully encrypted private config file
<190> = sequence number
CUBE = DeviceName
6 = severity
Any help appreciated
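Added example, not part of the original post: a Python parser for the RFC 5424 line quoted above, showing where the hostname and severity sit. Per RFC 5424 the leading `<190>` is the PRI value (facility × 8 + severity), and the Cisco `%FACILITY-SEVERITY-MNEMONIC` tag in the message body carries the severity a second time; the function name `parse` and the keys of its result are choices made for this example.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
] + [f"local{i}" for i in range(8)]

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<timestamp>\S+) (?P<hostname>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:\\.|[^\]\\])*\])+)(?: (?P<msg>.*))?$",
    re.DOTALL,
)
# Cisco message tag, e.g. %SYS-6-PRIVCFG_ENCRYPT_SUCCESS:
CISCO_TAG = re.compile(r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+):")

def parse(line):
    """Return a dict of decoded fields, or None if the line is not valid RFC 5424."""
    m = HEADER.match(line.rstrip("\r\n"))
    if not m or int(m["pri"]) > 191:      # highest valid PRI is 23 * 8 + 7
        return None
    pri = int(m["pri"])
    out = {
        "facility": FACILITIES[pri // 8],
        "severity": SEVERITIES[pri % 8],
        "hostname": None if m["hostname"] == "-" else m["hostname"],  # "-" is NILVALUE
        "timestamp": m["timestamp"],
        "msg": (m["msg"] or "").lstrip("\ufeff"),  # drop a real UTF-8 BOM if present
    }
    tag = CISCO_TAG.search(out["msg"])
    if tag:
        out["cisco_tag"] = tag.group(0)[1:-1]              # without "%" and ":"
        out["cisco_severity"] = SEVERITIES[int(tag["sev"])]
    return out

# The line quoted in the post above.
SAMPLE = (
    "<190>1 2024-07-29T12:27:05.335Z CUBE - - - - "
    "BOM%SYS-6-PRIVCFG_ENCRYPT_SUCCESS: Successfully encrypted private config file"
)

if __name__ == "__main__":
    print(parse(SAMPLE))
```

Promtail's syslog target decodes the same header itself and exposes the result as internal labels such as `__syslog_message_severity` and `__syslog_message_hostname`, which a `relabel_configs` rule can copy to regular labels.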