Convert hex string in syslog to ascii in Graylog

tlee-drf · October 11, 2017, 9:05pm

I have the following message from auditd tty logging forwarded to syslog:

node=testchefnode05.drf.corp type=TTY msg=audit(1507750553.739:348): tty pid=2203 uid=0 auid=1270 ses=2 major=136 minor=0 comm=“bash” data=63616C20323031310D

The “data” field is a hex string of the recorded tty ketstrokes.

For example the hex string “63616C20323031310D” above would be “cal 2011[13]” in ascii, where [13] is a carriage return.

I would like to get that converted to an ascii string so it is readable. Is there some sort of function that I can use in an extractor or pipeline to do that?

jochen · October 12, 2017, 6:52am

There’s no such function out of the box, but you could write a Graylog plugin which will provide this function.

See https://www.graylog.org/blog/71-writing-your-own-graylog-processing-pipeline-functions for an example.

system · October 26, 2017, 6:52am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Convert hex string to ascii, now possible Graylog Central (peer support)	2	642	September 6, 2021
REST API present in syslog comes in distorted format Graylog Central (peer support)	4	440	February 16, 2020
Indexing data from syslog RFC 5424 Graylog Central (peer support) sidecar , nxlog , nodatanx	9	2583	March 4, 2019
Howe to remove control characters from GELF output? Graylog Central (peer support) gelf	4	84	February 13, 2024
Can't get Syslog messages Graylog Central (peer support)	5	762	December 1, 2017

Convert hex string in syslog to ascii in Graylog

Related Topics