splunk / splunk-connect-for-syslog

Splunk Connect for Syslog
Apache License 2.0

Question/clarification #2389

Closed fdssfsdg closed 3 months ago

fdssfsdg commented 3 months ago

I'm working in an environment where customization at the log sources is hard. So, this requires a lot of customization at the syslog level, in this case SC4S, which was already in place. I've worked a lot with syslog-ng and rsyslog, but the container level brings it to another level for me. So while I'm trying to learn, I need help to understand two different cases. I didn't really find any information in the documentation on how to customize things.

If I read the case #992 the Citrix Netscaler should have the date select automatic ("DDMMYYYY" or "MMDDYYYY"). That indicates that the date can be in either format DDMMYYYY format or MMDDYYYY. The documentation for Citrix says that the date must be in “DDMMYYYY”. If I want to change this to be in the format of “MMDDYYYY” how can this be achieved?

Also, if a log source sends its data with some junk appended:

215 <134>1 2003-10-11T22:14:15.003Z mymachine.example.com … 431 <134>1 2003-10-11T22:14:15.003Z mymachine.example.com …

Instead of

<134>1 2003-10-11T22:14:15.003Z mymachine.example.com …

What's your recommended way to clean the data on the SC4S server? There's a working product if the numbers are removed.

Best regards, Eric

mstopa-splunk commented 3 months ago

Hi Eric,

1) Issue 992 is from April 2021 and this piece of the docs was changed in February 2022. Please try to use the format recommended in the documentation, and if that's impossible please submit an issue for us to check it and update.

2) Try sending to port 601 (for framed events) instead of 514 (default when not framed).
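The "junk" numbers in the question are what octet-counted syslog framing (RFC 6587, the "framed events" the reply refers to) looks like when a receiver expecting newline-delimited input reads it: each event is prefixed with its byte length and a space, and nothing in the stream is a newline. The following is an added example, not code from the SC4S project, that parses a constructed stream both ways so the symptom and the fix are visible side by side. The sample messages, and the helper names `frame`, `parse_octet_counted`, `parse_non_transparent` and `looks_misframed`, are this example's own.

```python
"""Octet-counted (RFC 6587) syslog framing versus newline-delimited framing.

Demonstrates why framed events read by a non-transparent (newline) receiver
appear as "215 <134>1 ..." with the length prefix left in the event text.
"""
import re

# Constructed RFC 5424 style sample messages for this example.
MSG1 = b"<134>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 - first entry"
MSG2 = b"<134>1 2003-10-11T22:14:16.003Z mymachine.example.com evntslog - ID48 - second entry"

# "<MSG-LEN> " prefix that starts every octet-counted frame.
OCTET_COUNT_RE = re.compile(rb"(\d{1,5}) ")


def frame(msg: bytes) -> bytes:
    """Wrap one message in octet-counted framing: '<len> <msg>' (no newline)."""
    return b"%d %s" % (len(msg), msg)


def parse_octet_counted(buf: bytes):
    """Split a TCP byte stream into messages using the length prefixes.

    Returns (messages, remainder). remainder is an incomplete trailing frame
    that the caller must keep until more bytes arrive on the connection.
    """
    msgs = []
    pos = 0
    while pos < len(buf):
        m = OCTET_COUNT_RE.match(buf, pos)
        if not m:
            raise ValueError("stream is not octet-counted at offset %d" % pos)
        length = int(m.group(1))
        start, end = m.end(), m.end() + length
        if end > len(buf):
            break  # frame not fully received yet
        msgs.append(buf[start:end])
        pos = end
    return msgs, buf[pos:]


def parse_non_transparent(buf: bytes):
    """Newline-delimited framing, as a non-framed (port 514 style) receiver does."""
    return [line for line in buf.split(b"\n") if line]


def looks_misframed(event: bytes) -> bool:
    """True when an event still carries a length prefix before its PRI part,
    i.e. framed data was consumed by a receiver set up for newline framing."""
    return re.match(rb"\d{1,5} <\d{1,3}>", event) is not None


if __name__ == "__main__":
    stream = frame(MSG1) + frame(MSG2)
    good, rest = parse_octet_counted(stream)
    print("octet-counted receiver:", good, rest)
    bad = parse_non_transparent(stream)
    print("newline receiver:", bad, [looks_misframed(e) for e in bad])
```

Run over the raw events a receiver actually emits, `looks_misframed` is a quick check for this misconfiguration: a hit means the sender is using octet-counted framing and should be pointed at the framed listener (port 601 in the reply above) rather than having the prefixes stripped downstream.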

mstopa-splunk commented 3 months ago

Also see https://github.com/splunk/splunk-connect-for-syslog/issues/2390#issuecomment-2039603724 .

I'm closing this issue as solved, if you'd like us to implement enhancement in date parsing please open a new issue and refer to this one