APC syslog pattern?


After an update to Schneider APC Switched Rack PDU OS version v6.7.2 and v6.6.4, Graylog is unable to parse the message. I’m guessing APC isn’t following standards.

Does anyone have a GROK pattern or Regex for APC? The raw tcp messages look like these:

<12>May 15 11:05:54 apc-pdu-1.company.com Detected an unauthorized user attempting to access the Web interface from 0x0006

<14>May 15 11:42:31 apc-pdu-1.company.com Network Interface restarted. 0x0002

<12>2019-05-15 11:04:37 apc-pdu-1.company.com APC: Test Syslog.

(Jan Doberstein) #2

I would send the messages to a RAW input first just to get them all.

After that create a pattern yourself - at least the basics for the date and PDU name should not be a problem to parse.


Thanks Jan. That’s what I planned on doing. Just wanted to check if anyone else had already done it.
Read the Twitter post from Graylog about the “APC extractor” when looking into it and figured I would ask first since the link is dead.
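
A pattern along the lines suggested in the thread, as an added example that is not from any poster or from Graylog: it parses the three sample lines from the question, accepting both timestamp styles. The field names and the treatment of the trailing `0x....` token as a separate `code` field are assumptions.

```python
import re

# Sample lines copied from the question above.
SAMPLES = [
    "<12>May 15 11:05:54 apc-pdu-1.company.com Detected an unauthorized user "
    "attempting to access the Web interface from 0x0006",
    "<14>May 15 11:42:31 apc-pdu-1.company.com Network Interface restarted. 0x0002",
    "<12>2019-05-15 11:04:37 apc-pdu-1.company.com APC: Test Syslog.",
]

# Syslog severity names, indexed by PRI % 8.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

APC_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}"  # May 15 11:05:54
    r"|\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"                   # 2019-05-15 11:04:37
    r" (?P<host>\S+)"
    r" (?P<message>.*?)"                       # lazy, so the code is split off
    r"(?: (?P<code>0x[0-9A-Fa-f]{4}))?$"       # optional trailing hex token
)


def parse_apc(line):
    """Return a dict of fields, or None so the caller can keep the raw line."""
    m = APC_LINE.match(line.strip())
    if m is None:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # highest valid PRI is facility 23, severity 7
        return None
    fields = m.groupdict()
    facility, severity = divmod(pri, 8)
    fields["facility"] = facility
    fields["severity"] = SEVERITIES[severity]
    return fields


if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_apc(sample))
```

Java-based regex engines write the named groups as `(?<name>...)` rather than Python's `(?P<name>...)`; the rest of the pattern carries over unchanged.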