Syslog use custom date format

Posted: Mon May 08, 2023 8:39 am
by StlertK
Hi all

I'm trying to parse syslog messages that slightly deviate from the RFC3164 standard. I cannot control the message format at this source.
example message:

<13> May  8 15:18:28 NET-000XX-1 TRAPMGR[trapTask]: traputil.c(753) 3113378 %% Link Up: 1/0/24	
There are two unexpected whitespaces, the first just before May and one just after May, which is probably why the standard syslog parser throws the _grokparsefailure_sysloginput error on each message.

How can I modify this syslog parser to match my messages? If I could change the date format to " %b %d %H:%M:%S" (adding the whitespaces) this could already be enough, but I can't figure out how to do this. I would rather not re-write a grok filter but still use the syslog one.

Thanks

Re: Syslog use custom date format

Posted: Sun Jun 25, 2023 1:30 pm
by Jaske09
I am gradually adding hosts and services to the configuration. Everything seems to work fine, except the "Problems" link on the left-hand side menu on the main web page.

Re: Syslog use custom date format

Posted: Thu Aug 10, 2023 10:38 pm
by weevessels
I'm gradually populating the setup with hosts and services. Everything appears to be in working order, with the exception of the "Problems" link on the main web page's left-hand side menu.

Re: Syslog use custom date format

Posted: Thu Aug 10, 2023 11:34 pm
by kg2857
Copy the existing syslog input and modify it.
As I recall, you'll need to change the port for the forwarder and the input if other forwarders use the default syslog input.
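
Added example, not part of any post in this thread and not the product's own parser: a Python sketch of a tolerant RFC 3164 line pattern that accepts the sample message from the first post, useful for checking a modified pattern offline before changing a copied input. The names `parse_syslog` and `LINE_RE` are hypothetical, and the year is supplied by the caller because the timestamp in the message carries none.

```python
import re
from datetime import datetime

# Constructed sample: the message quoted in the first post of this thread.
SAMPLE = ("<13> May  8 15:18:28 NET-000XX-1 TRAPMGR[trapTask]: "
          "traputil.c(753) 3113378 %% Link Up: 1/0/24")

# RFC 3164 layout with flexible whitespace: \s* after the <PRI> field and
# \s+ between month, day and time, so extra spaces do not break the match.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>\s*"
    r"(?P<month>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+"
    r"(?P<program>[^\s\[:]+)(?:\[(?P<proc>[^\]]+)\])?:\s*"
    r"(?P<message>.*)$"
)

def parse_syslog(line, year):
    """Return a dict of fields, or None if the line does not parse."""
    m = LINE_RE.match(line.rstrip())
    if m is None:
        return None
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return None
    try:
        ts = datetime.strptime(
            f"{year} {m['month']} {m['day']} {m['time']}",
            "%Y %b %d %H:%M:%S",
        )
    except ValueError:  # e.g. unknown month name or day 32
        return None
    return {
        "facility": pri >> 3,   # upper bits of PRI
        "severity": pri & 7,    # lower three bits of PRI
        "timestamp": ts,
        "host": m["host"],
        "program": m["program"],
        "proc": m["proc"],
        "message": m["message"],
    }

if __name__ == "__main__":
    print(parse_syslog(SAMPLE, 2023))
```

Lines that return `None` here correspond to the ones a pipeline would tag as parse failures, so counting them on a capture of real traffic shows whether a pattern change is enough.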