grafana / loki

Like Prometheus, but for logs.
https://grafana.com/loki
GNU Affero General Public License v3.0

Regex for Parsing Cisco syslog which is using RFC5424 #13694

Open abitrusty opened 1 month ago

abitrusty commented 1 month ago

The new Cisco IOS-XE devices have an option to send syslog using RFC5424 with the command "logging trap syslog-format rfc5424".

I'm sending syslogs directly to promtail and can see them in Loki etc., but I'm only getting the Host field populated and not the severity, and I believe I need a regex pipeline to get this. I've been struggling to get it working. Anyone know how I can get the severity and hostname field out of this syslog?

<190>1 2024-07-29T12:27:05.335Z CUBE - - - - BOM%SYS-6-PRIVCFG_ENCRYPT_SUCCESS: Successfully encrypted private config file

<190> = sequence number
CUBE = DeviceName
6 = severity

Any help appreciated

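Added example, not part of the original thread or of the Loki project: it parses the sample line above, taking the hostname from the RFC 5424 header and the severity from the value in angle brackets, which RFC 5424 defines as PRI = facility * 8 + severity, then cross-checks that against the Cisco %FACILITY-SEVERITY-MNEMONIC tag in the message. The names `parse`, `RFC5424` and `CISCO_TAG` are assumptions, the structured-data match is simplified, and the expressions use only syntax that Go RE2 (the dialect of promtail's regex stage) also accepts.

```python
import re

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
# Only syntax shared by Python `re` and Go RE2 is used (named groups via ?P<>).
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<timestamp>\S+) (?P<hostname>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[.*?\])+) (?P<msg>.*)$"
)
# Cisco message tag: %FACILITY-SEVERITY-MNEMONIC:
CISCO_TAG = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):")

SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]

def parse(line):
    """Return extracted fields, or None if the line is not valid RFC 5424."""
    m = RFC5424.match(line.strip())
    if m is None:
        return None
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return None
    facility, severity = divmod(pri, 8)
    out = {
        "hostname": m["hostname"],
        "timestamp": m["timestamp"],
        "facility": facility,
        "severity": severity,
        "severity_name": SEVERITIES[severity],
        "message": m["msg"],
    }
    tag = CISCO_TAG.search(m["msg"])
    if tag:
        out["cisco_facility"] = tag["facility"]
        out["cisco_mnemonic"] = tag["mnemonic"]
        out["cisco_severity"] = int(tag["severity"])
        # A mismatch between the header and the tag is worth flagging.
        out["severity_consistent"] = out["cisco_severity"] == severity
    return out

# The sample line from the post above.
SAMPLE = ("<190>1 2024-07-29T12:27:05.335Z CUBE - - - - "
          "BOM%SYS-6-PRIVCFG_ENCRYPT_SUCCESS: Successfully encrypted private config file")

if __name__ == "__main__":
    for key, value in parse(SAMPLE).items():
        print(f"{key}: {value}")
```
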
JStickler commented 1 month ago

Questions have a better chance of being answered if you ask them on the community forums.

abitrusty commented 1 month ago

apologies - doing that now