Graylog integration with SophosUTM, date format exception

(Adam O'neil) #1

Hi all,

I’m getting the following while attempting to ship my logs from SophosUTM via its remote syslog feature.

at org.graylog2.shared.buffers.processors.ProcessBuffERROR [DecodingProcessor] Unable to decode raw message RawMessage{id=d71c4041-93eb-11e7-b61d-000c298a4b55, journalOffset=20457, codec=syslog, payloadSize=356, timestamp=2017-09-07T16:44:39.364Z, remoteAddress=/x.x.x.x:56291} on input <59b1607734cb3f05cf2f6f65>.

java.lang.IllegalArgumentException: Invalid format: “2017:09:07-17:44:39” is malformed at “:09:07-17:44:39”

It apparently doesn’t like the date format, but its coming in as an exception rather than something I can transform with an extractor.

I’ve only installed today, so very new to this. I can’t find anything to help me, hence reaching out.


(Jochen) #2

Please post the complete error message and some messages as context around that.

