Hi Jacob, you can use a Raw/Plaintext TCP or UDP input for this and extract the required information via some extractors, see http://docs.graylog.org/en/2.0/pages/extractors.html for details.
Cheers, Jochen On Friday, 29 April 2016 03:49:56 UTC+2, Jacob wrote: > > Hello, > > I'm have a problem with the format of syslog messages sent from an Aruba > Instant > <http://www.arubanetworks.com/products/networking/aruba-instant/>device. > The following is a sample message: > > Apr 28 21:43:59 *2016* 192.168.110.240 stm[1789]: <304055> <ERRS> > <###########> |ap| Unexpected stm (Station management) runtime error at > wifi_mgmt_recv_frame, 7565, wifi_mgmt_recv_frame:7565: NULL src-mac, frame > type=0, subtype=15 > > The problem has to do with the year, int this case 2016, that is in the > message. This causes Graylog to incorrectly identify the various fields. > For example, the source becomes the year, the application_name becomes the > host/ip address etc. > > I cannot change the format of the message that the Aruba device sends. I > need to strip the year from the message and that should fix this issue. Can > I accomplish this using Graylog? > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/14919e01-5288-4543-ab77-96260c19a533%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
