After an update to Schneider APC Switched Rack PDU OS version v6.7.2 and v6.6.4, Graylog is unable to parse the message. I’m guessing APC isn’t following standards.
Does anyone have a GROK pattern or Regex for APC? The raw tcp messages look like these:
<12>May 15 11:05:54 apc-pdu-1.company.com Detected an unauthorized user attempting to access the Web interface from 10.1.1.8. 0x0006
<14>May 15 11:42:31 apc-pdu-1.company.com Network Interface restarted. 0x0002
<12>2019-05-15 11:04:37 apc-pdu-1.company.com APC: Test Syslog.
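
One way to split the three raw lines quoted above into fields, as an added example that is not part of the original post. The function name `parse_apc` and the field names `event_code` and `source_ip` are assumptions, and the pattern is written for Python's `re` and has not been run in a Graylog extractor.

```python
import re

# Sample input: the three raw lines quoted in the post above.
SAMPLES = [
    "<12>May 15 11:05:54 apc-pdu-1.company.com Detected an unauthorized user "
    "attempting to access the Web interface from 10.1.1.8. 0x0006",
    "<14>May 15 11:42:31 apc-pdu-1.company.com Network Interface restarted. 0x0002",
    "<12>2019-05-15 11:04:37 apc-pdu-1.company.com APC: Test Syslog.",
]

APC_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    # Two timestamp shapes appear in the samples:
    r"(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}"  # May 15 11:05:54
    r"|\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"                    # 2019-05-15 11:04:37
    r" (?P<host>\S+)"
    r" (?P<message>.*?)"
    # Trailing hex event code is present on some lines only.
    r"(?: (?P<event_code>0x[0-9A-Fa-f]{4}))?$"
)

# Pulls the client address out of messages such as the unauthorized-access one.
SRC_IP = re.compile(r"\bfrom (\d{1,3}(?:\.\d{1,3}){3})")


def parse_apc(line):
    """Return a dict of fields, or None when the line does not match."""
    m = APC_LINE.match(line.strip())
    if m is None:
        return None
    fields = m.groupdict()
    # Syslog PRI = facility * 8 + severity.
    fields["facility"], fields["severity"] = divmod(int(fields.pop("pri")), 8)
    ip = SRC_IP.search(fields["message"])
    fields["source_ip"] = ip.group(1) if ip else None
    return fields


if __name__ == "__main__":
    for raw in SAMPLES:
        print(parse_apc(raw))
```

Java-based regex engines write named groups as `(?<name>...)` rather than Python's `(?P<name>...)`, so the group syntax needs that change before the pattern is reused there.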