Hello,
I am trying to feed in a linux server from our DMZ to our local Nagios Log Server and after setting everything up with the Curl command I only get 1 log that shows up with the following message: "\xFF\xF4\xFF\xFD\u0006^]\r\n" in NLS. It has a _grokparsefailure_sysloginput tag attached to it, and I'm not sure if I need to do anything extra so that logs come into NLS normally.
_grokparsefailure_sysloginput tag
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: _grokparsefailure_sysloginput tag
By default, the syslog input only supports RFC3164 syslog messages.
If your sending server isn't sending a compliant message you will get a _grokparsefailure_sysloginput
For this, you may want to create a new tcp or udp input on a different port in the configuration and send your logs to that port
If your sending server isn't sending a compliant message you will get a _grokparsefailure_sysloginput
For this, you may want to create a new tcp or udp input on a different port in the configuration and send your logs to that port
Code: Select all
tcp {
type => 'alt_syslog'
port => 2099
}
udp {
type => 'alt_syslog'
port => 2099
}-
mgarrity10
- Posts: 6
- Joined: Thu Mar 08, 2018 3:17 pm
Re: _grokparsefailure_sysloginput tag
Thanks for the quick response. I am actually using a DMZ relay Nagios Log Server to send all logs from DMZ clients to our local level NAgios Log Server. Could this setup be messing up the syslog format?
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: _grokparsefailure_sysloginput tag
Could be, could you elaborate on this setup and configuration on both servers?mgarrity10 wrote:Thanks for the quick response. I am actually using a DMZ relay Nagios Log Server to send all logs from DMZ clients to our local level NAgios Log Server. Could this setup be messing up the syslog format?