[
https://issues.apache.org/jira/browse/NIFI-12055?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17766061#comment-17766061
]
Dirk Mader commented on NIFI-12055:
-----------------------------------
[~otto]
Thank you for all your help, I learned a lot.
And Sorry for my fault… I didn't recognise the <38> as a 8 bit combination of
Facility and Severity, and thought it's part of the human unreadable binary
stuff in front of the message.
Think it will not always possible to configure it on the sender's side,
especially when syslog send by 3rd party software.
But with my new knowledge I think I will able to create proper solutions to
parse invalid messages in nifi or in the splunk endpoint.
> ListenSyslog: Parse Messages didn't recognize some of the syslogevents
> ----------------------------------------------------------------------
>
> Key: NIFI-12055
> URL: https://issues.apache.org/jira/browse/NIFI-12055
> Project: Apache NiFi
> Issue Type: Task
> Components: Extensions
> Affects Versions: 1.23.2
> Environment: Debian VM
> Reporter: Dirk Mader
> Priority: Major
> Fix For: 1.23.2
>
> Attachments: dump_syslog.tcpd
>
>
> I tested with an OpenBSD Current to send syslog to ListenSyslog.
> But most of the Events are running into "invalid".
> In the attached tcpdump are 4 Events: 3 of them will marked as *invalid* by
> "Parsing Messages" 1 of them is marked as as *success*
> The success message is {{"the last message repeated 2 times"}}
> The only change in properties was the UDP Port to 5140
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
