Hi All - I just started using Graylog to log from my Cisco 3750 switches. I am getting logs and everything looks correct except the “source” shows as the month for everything. I suspect this is due to either GROK or extractors but I am not sure how to fix this. Does anyone have experience with logging this? I have searched numerous topics and can’t seem to find an answer. Here is additional info below, thanks!
This may be helpful, the Cisco’s are really weird about this for some reason Source name in the Cisco Firepower Syslog - #6 by jan
Thank you. Adding:
logging origin-id hostname
to my switches fixed the issue. The only thing that doesn’t look right is that I have a : at the end of the hostname but I can live with it for now. If anyone has an idea on that one let me know, thanks!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
