Closed New2You closed 9 years ago
Hi,
Graylog can parse RFC syslog messages out of the box, but the example you shared doesn't look like it, so Graylog can't find the actual source in your logs. You can read more about this problem here.
In order to be able to correctly extract information from your logs, I would look for a content pack that supports the device you are sending logs from, or I would use a combination of a raw syslog input and extractors that match your logs.
We only use GitHub as a way of tracking bugs in our code, so I kindly ask you to use our mailing list or our IRC channel #graylog on Freenode if you have further questions about Graylog.
I will admit, I am new to Graylog2 and just downloaded the Vappliance.
Graylog at this time is showing the source as the first half of the syslog error and not the source that is sending the log.
Example would be the following:
.Sep 21 16:05:29.558: %SFF8472-5-THRESHOLD_VIOLATION: Te1/1/22: Rx power low alarm; Operating value: -15.1 dBm, Threshold value: -13.9 dBm.
Graylog will show source as SFF8472-5-THRESHOLD_VIOLATION.
I would like to set the gl2_remote_ip as the default field for the sources.
Thank you
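An added example, not part of the original thread and not Graylog's own code: a Python illustration of the raw-input-plus-extractor approach suggested in the reply, applied to the log line from the post. The `naive_source` heuristic is a simplified assumption about header parsing, and the function names and the sender address 192.0.2.10 are hypothetical.

```python
import re

# Constructed sample: the line from the post plus a hypothetical sender address.
SAMPLE = (".Sep 21 16:05:29.558: %SFF8472-5-THRESHOLD_VIOLATION: Te1/1/22: "
          "Rx power low alarm; Operating value: -15.1 dBm, Threshold value: -13.9 dBm.")
SAMPLE_REMOTE_IP = "192.0.2.10"  # documentation address, stands in for gl2_remote_ip

# Cisco IOS style: [.|*]Mmm dd hh:mm:ss[.mmm]: %FACILITY-SEVERITY-MNEMONIC: text
# The optional leading '.' or '*' is a clock-status marker, not part of the date.
CISCO_RE = re.compile(
    r"^[.*]?(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}(?:\.\d+)?):\s+"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s+"
    r"(?P<message>.*)$"
)


def naive_source(raw):
    """Simplified RFC 3164-style guess: the token after the timestamp is the host.

    The line has no hostname field, so the guess lands on the message mnemonic.
    """
    m = re.match(r"^\W*[A-Z][a-z]{2}\s+\d{1,2}\s+[\d:.]+\s+(\S+)", raw)
    return m.group(1).strip("%:") if m else None


def extract(raw, remote_ip):
    """Parse the line and take the source from the sender address, not the payload."""
    m = CISCO_RE.match(raw.strip())
    if m is None:
        # Keep unparsed lines attributable to their sender instead of dropping them.
        return {"source": remote_ip, "message": raw.strip(), "parsed": False}
    fields = m.groupdict()
    fields["severity"] = int(fields["severity"])
    fields.update(source=remote_ip, parsed=True)
    return fields


if __name__ == "__main__":
    print("naive source:", naive_source(SAMPLE))
    print(extract(SAMPLE, SAMPLE_REMOTE_IP))
```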