Hi, this doesn't look like a valid Syslog message (according to RFC 3164 <https://tools.ietf.org/html/rfc3164> or RFC 5424 <https://tools.ietf.org/html/rfc5424>). If your device or syslog daemon doesn't emit valid, RFC-compliant syslog messages, you're probably better off using a Raw/Plaintext input and use extractors to get the required information into structured fields: http://docs.graylog.org/en/2.0/pages/extractors.html
Cheers, Jochen On Wednesday, 31 August 2016 21:18:44 UTC+2, TheKrazyKaveman wrote: > > In the message field, I get this: > > SSLVPN: id=sslvpn sn=SERIAL# time="2016-08-31 14:00:19" > vp_time="2016-08-31 18:00:19 UTC" fw=XX.XX.XX.XX pri=5 m=2 c=2 > src=YY.YY.YY.YY dst=vpn.mydomain.com user="my.user" usr="my.user" > msg="User logged out" active=15 duration=15 agent="SonicWALL Mobile Connect > for Android 4.0.5 (samsung SAMSUNG-SM-G920A; Android 6.0.1; SDK 23; build > 405)" > > On Wednesday, August 31, 2016 at 1:28:39 PM UTC-4, TheKrazyKaveman wrote: >> >> Syslog UDP >> >> On Wednesday, August 31, 2016 at 3:34:40 AM UTC-4, Jochen Schalanda wrote: >>> >>> Hi, >>> >>> if the client is sending those messages directly to Graylog, you could >>> probably use the "hidden" field gl2_remote_ip for this. >>> >>> What kind of Graylog input are you using for receiving those messages? >>> >>> Cheers, >>> Jochen >>> >>> On Tuesday, 30 August 2016 20:52:33 UTC+2, TheKrazyKaveman wrote: >>>> >>>> I'm having some trouble getting the world map widget to work on my >>>> Graylog server. It keeps telling me that I have an invalid geo data term >>>> for field "source": sslvpn:. I know that this is SUPPOSED to be an IP >>>> address, but for some reason it renders the IP addresses as src:. Any >>>> suggestions on how to resolve this? >>>> >>> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/0364d734-5020-4b34-8658-a32c9677ddb8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
