I'm trying to parse syslog messages that slightly deviate from the RFC3164 standard. I cannot control the message format at this source.
example message:
Code: Select all
<13> May 8 15:18:28 NET-000XX-1 TRAPMGR[trapTask]: traputil.c(753) 3113378 %% Link Up: 1/0/24
_grokparsefailure_sysloginput
error on each message.
How can I modify this syslog parser to match my messages? If I could change the date format to " %b %d %H:%M:%S" (adding the whitespaces) this could already be enough but I cant figure out how to do this. I would rather not re-write a grok filter but still use the syslog one.
Thanks