Syslog use custom date format

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
StlertK
Posts: 2
Joined: Fri Apr 28, 2023 3:27 am

Syslog use custom date format

Post by StlertK »

Hi all

I'm trying to parse syslog messages that slightly deviate from the RFC3164 standard. I cannot control the message format at this source.
Example message:

<13> May  8 15:18:28 NET-000XX-1 TRAPMGR[trapTask]: traputil.c(753) 3113378 %% Link Up: 1/0/24

There are two unexpected whitespaces, the first just before May and one just after May, which is probably why the standard syslog parser throws the _grokparsefailure_sysloginput error on each message.

How can I modify this syslog parser to match my messages? If I could change the date format to " %b %d %H:%M:%S" (adding the whitespaces), this could already be enough, but I can't figure out how to do this. I would rather not rewrite a grok filter but still use the syslog one.

Thanks
Jaske09
Posts: 5
Joined: Thu Jun 15, 2023 11:35 am

Re: Syslog use custom date format

Post by Jaske09 »

I am gradually adding hosts and services to the configuration. Everything seems to work fine, except the "Problems" link on the left-hand side menu on the main web page.
weevessels
Posts: 4
Joined: Tue Jun 20, 2023 10:09 am

Re: Syslog use custom date format

Post by weevessels »

I'm gradually populating the setup with hosts and services. Everything appears to be in working order, with the exception of the "Problems" link on the main web page's left-hand side menu.
doodle baseball
kg2857
Posts: 233
Joined: Wed Apr 12, 2023 5:48 pm

Re: Syslog use custom date format

Post by kg2857 »

Copy the existing syslog input and modify it.
As I recall, you'll need to change the port for the forwarder and the input if other forwarders use the default syslog input.
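
Added example, not part of the thread and not Nagios Log Server or Logstash code: a Python parser for the header format in the original post that tolerates the space after the PRI field, useful for checking which lines a modified input would have to accept. The function name `parse_syslog`, the caller-supplied year and the value 2023 are assumptions of this example.

```python
import re
from datetime import datetime

# Message from the original post (trailing tab dropped).
SAMPLE = ("<13> May  8 15:18:28 NET-000XX-1 TRAPMGR[trapTask]: "
          "traputil.c(753) 3113378 %% Link Up: 1/0/24")

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
SEVERITIES = ("emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug")

# RFC 3164 puts the timestamp directly after "<PRI>" and pads single-digit
# days with a space ("May  8"). The \s* after the PRI is the only relaxation:
# it absorbs the stray space this device sends before the month.
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>\s*"
    r"(?P<month>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})\s+"
    r"(?P<host>\S+)\s+"
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<proc>[^\]]*)\])?:\s*"
    r"(?P<msg>.*)$"
)

def parse_syslog(line, year):
    """Return the parsed fields, or None when the line must be rejected.

    The header carries no year, so the caller supplies it (assumption).
    """
    m = HEADER.match(line.rstrip())
    if m is None or m["month"] not in MONTHS:
        return None
    pri = int(m["pri"])
    if pri > 191:  # largest valid PRI: facility 23 * 8 + severity 7
        return None
    try:
        ts = datetime(year, MONTHS.index(m["month"]) + 1, int(m["day"]),
                      int(m["h"]), int(m["m"]), int(m["s"]))
    except ValueError:  # e.g. "Feb 30" or hour 25
        return None
    return {"facility": pri >> 3, "severity": SEVERITIES[pri & 7],
            "timestamp": ts, "host": m["host"], "tag": m["tag"],
            "proc": m["proc"], "msg": m["msg"]}

if __name__ == "__main__":
    print(parse_syslog(SAMPLE, 2023))
```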