splunk / splunk-connect-for-syslog

Splunk Connect for Syslog
Apache License 2.0

cisco_ios does not support Timezone extraction #2554

Open ehlo550 opened 3 months ago

ehlo550 commented 3 months ago

What is the sc4s version? 3.28.1

Is the issue related to the environment of the customer or Software related issue? Software

Describe the bug

Cisco switches (cisco_ios) are able to send the timezone in the logs. From what I understand, those are parsed by the app-almost-syslog-cisco_syslog.conf parser.

There seems to be no date-parser configuration that includes an extraction of the timezone.

<188>35548: hostname: Aug  8 2024 20:10:00.001 CEST: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: username] [Source: 10.10.10.10] [localport: 22] [Reason: Login Authentication Failed] at 20:10:00 CEST Thu Aug 8 2024

I am wondering if this could be added.

Regards,
Stefan
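The following is an added example, not written by the issue author or taken from SC4S: a stand-alone Python parser for the header format of the log line above that reads the timezone abbreviation and normalises the timestamp to UTC. The abbreviation table, the function name and the second sample line are assumptions made for the example, and it does not reproduce the syslog-ng parser named in the issue.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed map for this example. Abbreviations are not unique (several zones
# share "CST" or "IST"), so the table has to be chosen per deployment.
TZ_OFFSETS_HOURS = {"UTC": 0, "GMT": 0, "CET": 1, "CEST": 2}
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

# <pri>[seq: ][host: ][*|.]Mon dd [yyyy ]hh:mm:ss[.mmm][ TZ]: %FAC-SEV-MNEMONIC: text
CISCO_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?:(?P<seq>\d+): )?(?:(?P<host>[^\s:]+): )?"
    r"[*.]?(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?:(?P<year>\d{4}) )?"
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})(?:\.(?P<ms>\d{1,3}))?"
    r"(?: (?P<tz>[A-Za-z]{2,5}))?: (?P<msg>%.*)$"
)

def parse_cisco_ios(line, default_year, tz_offsets=TZ_OFFSETS_HOURS):
    """Return a dict for one IOS syslog line, or None if it does not match."""
    m = CISCO_RE.match(line)
    if m is None or m["mon"] not in MONTHS:
        return None
    ts = datetime(
        int(m["year"] or default_year), MONTHS.index(m["mon"]) + 1, int(m["day"]),
        int(m["h"]), int(m["m"]), int(m["s"]),
        int((m["ms"] or "0").ljust(3, "0")) * 1000,  # milliseconds -> microseconds
    )
    tz = m["tz"].upper() if m["tz"] else None
    resolved = tz in tz_offsets
    if resolved:
        # Attach the sender's offset, then normalise to UTC for indexing.
        offset = timezone(timedelta(hours=tz_offsets[tz]))
        ts = ts.replace(tzinfo=offset).astimezone(timezone.utc)
    pri = int(m["pri"])
    return {
        "host": m["host"], "facility": pri >> 3, "severity": pri & 7,
        "timestamp": ts,  # aware UTC if resolved, otherwise naive sender-local time
        "tz": tz, "tz_resolved": resolved, "message": m["msg"],
    }

# The log line from the issue, plus a constructed line without year or timezone.
SAMPLE_WITH_TZ = (
    "<188>35548: hostname: Aug  8 2024 20:10:00.001 CEST: "
    "%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: username] "
    "[Source: 10.10.10.10] [localport: 22] [Reason: Login Authentication Failed] "
    "at 20:10:00 CEST Thu Aug 8 2024")
SAMPLE_NO_TZ = "<189>12: Aug  8 20:10:00: %SYS-5-CONFIG_I: Configured from console"

if __name__ == "__main__":
    for line in (SAMPLE_WITH_TZ, SAMPLE_NO_TZ):
        print(parse_cisco_ios(line, default_year=2024))
```

The `tz_resolved` flag lets a pipeline route events with a missing or unknown abbreviation to a fallback such as a per-source default zone, instead of indexing them with a silently wrong offset.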

rjha-splunk commented 3 months ago

I am checking this; we will check if we need to change the date-time().

ehlo550 commented 6 days ago

Any chance you had a look at it?