jjh74
commented
2 years ago Have you tried with best_effort = true in your [[inputs.syslog]] config (https://github.com/influxdata/telegraf/blob/master/plugins/inputs/syslog/README.md) ?
Open nayrbbizkit opened 2 years ago
jjh74
commented
2 years ago Have you tried with best_effort = true in your [[inputs.syslog]] config (https://github.com/influxdata/telegraf/blob/master/plugins/inputs/syslog/README.md) ?
nayrbbizkit
commented
2 years ago Hi @jjh74,
Yes it is already set to true, my Telegraf version is 1.20.0:
Hello Folks,
I got the following error in Influx's chronograf when the Syslog message being received is in CEF (Common Event Format). Is there any available resolution to for this specific telegraf plugins?
E! [inputs.syslog] Error in plugin: expecting an app-name (from 1 to max 48 US-ASCII characters) or a nil value [col 51
This is what the Syslog format/message looks like:
Nov 29 11:30:29 172.xx.x.x CEF:0|XYPRO|NONSTOP|XMA|OBJ-ACCESS-PASS|OBJECT-ACCESS-SUCCESS-SFG|4|cs3= 000002F2F5D8CFCEFB67 start= N end= N cs4= sproc= \xxx.$APNI5 ,0,665 spid= filePath= \xxx.xxxx.PRDAOBJ.NMIPCT src= sourceDnsDomain= dst= dhost= \xxx cs2= $xxxxx.SAFE deviceCustomDate1= 2021-11-29 03:30:17.578402 rt= 2021-11-29 11:30:17.578402 externalId= 000000001 outcome= 1 cs6= N / N cn1= A deviceFacility= SAFEGUARD suid= 190 , 001 duid= , suser= xxxx.xxx shost= \PN1 duser= fileType= DISKFILE fname= $xxxx.PRDAEVDB.SWAPUSE act= READ cs5= \xxx.$ZPTY.#ZWN0014 cat= 51 reason= 450 cs1= msg= Granted Read to Diskfile $xxxx.xxxxxxxx.SWAPUSE cn1Label=ALERTEDcs1Label=Rulenamecs2Label=ProductLocationcs3Label=SessionIDcs4Label=SessionNamecs5Label=Terminalcs6Label=Test/Warn#015