APC syslog pattern?

rfinney · May 15, 2019, 4:46pm

After and update to Schneider APC Switched Rack PDU OS version v6.7.2 and v6.6.4, Graylog is unable to parse the message. I’m guessing APC isn’t following standards.

Does anyone have a GROK pattern or Regex for APC? The raw tcp messages look like these:

<12>May 15 11:05:54 apc-pdu-1.company.com Detected an unauthorized user attempting to access the Web interface from 10.1.1.8. 0x0006

<14>May 15 11:42:31 apc-pdu-1.company.com Network Interface restarted. 0x0002

<12>2019-05-15 11:04:37 apc-pdu-1.company.com APC: Test Syslog.

jan · May 16, 2019, 1:24pm

I would send the messages to a RAW input first just to get them all.

After that greate a pattern yourself - at least the basic for the date and PDU name should not be a problem to parse.

rfinney · May 16, 2019, 2:12pm

Thanks Jan. That’s what I planned on doing. Just wanted to check if anyone else had already done it.
Read the twitter post from Graylog about the “APC extractor” when looking into it and figured I would ask first since the link is dead.

system · May 30, 2019, 2:12pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Syslog Messages and Parsing Fortinet Graylog Central (peer support)	1	527	July 31, 2019
Grok pattern for dd-wrt syslog input Graylog Central (peer support)	4	1259	October 16, 2017
Can't get Syslog messages Graylog Central (peer support)	5	765	December 1, 2017
Issues receiving TCP Syslog & TCP Raw Graylog Central (peer support)	3	1028	February 17, 2020
Can't receive any logs from Palo Alto Graylog Central (peer support) pipeline-rules	6	817	April 5, 2021

APC syslog pattern?

Related Topics