This allows the syslog input plugin to ingest events from appliances which send in non-standard syslog formats, especially when use of a codec (e.g. cef) is also required. This prevents the need for custom plugins or hacks.
This exact scenario was encountered, where an appliance was sending "syslog" which was not RFC compliant, and the use of the cef codec was required to further parse the remaining portion of the message.
untergeek
commented
6 years ago
This allows the syslog input plugin to ingest events from appliances which send in non-standard syslog formats, especially when use of a codec (e.g. cef) is also required. This prevents the need for custom plugins or hacks.
This exact scenario was encountered, where an appliance was sending "syslog" which was not RFC compliant, and the use of the cef codec was required to further parse the remaining portion of the message.