After an update to Schneider APC Switched Rack PDU OS versions v6.7.2 and v6.6.4, Graylog is unable to parse the messages. I'm guessing APC isn't following standards.
Does anyone have a Grok pattern or regex for APC? The raw TCP messages look like this:
<12>May 15 11:05:54 apc-pdu-1.company.com Detected an unauthorized user attempting to access the Web interface from 10.1.1.8. 0x0006
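As an added example (not code from the thread, from Graylog or from APC), here is a parser for the line shape quoted above: a BSD-syslog `<PRI>` header, timestamp and hostname, then free text, then an optional four-hex-digit event code at the end. Note that the sample has no `program:` TAG between the hostname and the message, which is the field an RFC 3164-style parser normally expects; that is an assumption about why a stock syslog input struggles, not something the post confirms. The second sample line and the `APC_GROK` transliteration are constructed assumptions: the Grok string mirrors the Python regex but has not been verified inside Graylog.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the first line is the one quoted in the post, the
# second is a made-up line of the same shape that carries no trailing event code.
SAMPLE_LINES = [
    "<12>May 15 11:05:54 apc-pdu-1.company.com Detected an unauthorized user "
    "attempting to access the Web interface from 10.1.1.8. 0x0006",
    "<13>May 15 11:06:10 apc-pdu-1.company.com Web user 'apc' logged out from 10.1.1.8.",
]

# Syslog severity names indexed by PRI % 8 (RFC 3164 / RFC 5424 numbering).
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# BSD-syslog header (<PRI>, timestamp, host) with no TAG/program field, then the
# free text, then an optional four-hex-digit APC event code at the very end.
APC_SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<message>.*?)"                 # lazy, so the event code is not swallowed
    r"(?: (?P<event_code>0x[0-9A-Fa-f]{4}))?\s*$"
)

# Source address embedded in the text, e.g. "... from 10.1.1.8."
SOURCE_IP_RE = re.compile(r"\bfrom (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b")

# Assumed Graylog Grok transliteration of the same regex (not verified in Graylog).
APC_GROK = (
    "^<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} "
    "%{HOSTNAME:syslog_hostname} (?<apc_message>.*?)"
    "(?: (?<apc_event_code>0x[0-9A-Fa-f]{4}))?$"
)


@dataclass
class ApcEvent:
    facility: int
    severity: str
    timestamp: str
    host: str
    message: str
    event_code: Optional[str]
    source_ip: Optional[str]


def parse_apc_syslog(line: str) -> Optional[ApcEvent]:
    """Parse one APC PDU syslog line; return None if it does not match."""
    m = APC_SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:  # PRI = facility*8 + severity; 23*8 + 7 = 191 is the maximum
        return None
    source_ip = None
    ip_match = SOURCE_IP_RE.search(m["message"])
    if ip_match:
        try:
            # Reject things like 999.1.1.1 that the loose regex would accept.
            source_ip = str(ipaddress.ip_address(ip_match["ip"]))
        except ValueError:
            source_ip = None
    return ApcEvent(
        facility=pri // 8,
        severity=SEVERITY[pri % 8],
        timestamp=m["timestamp"],
        host=m["host"],
        message=m["message"],
        event_code=m["event_code"],
        source_ip=source_ip,
    )


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_apc_syslog(line))
```

Keeping the event code as its own field is what makes the unauthorized-access line useful for alerting: matching on `event_code == "0x0006"` plus the extracted source IP is more robust than matching on the free text, which APC may reword between firmware releases.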
Thanks Jan. That's what I planned on doing. I just wanted to check if anyone else had already done it.
I read the Twitter post from Graylog about the "APC extractor" when looking into it and figured I would ask first, since the link is dead.