How does the automatic parsing of Cisco and Fortinet logs work?


(@_bkeep) #1

I’m curious how the parsing of Cisco and Fortinet logs works. Does Graylog perform a regex comparison on every message that arrives and then automagically extract the fields?


(Jochen) #2

Yes, it’s pretty much that. There are (simple) heuristics in place to guess what type of syslog message was received and how to process it further:
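As an added illustration of the "guess the message type, then extract fields" approach (example code written for this thread, not Graylog's own parser): a small Python sniffer that first applies a cheap check to decide whether a line looks like a Cisco IOS `%FACILITY-SEVERITY-MNEMONIC:` message or a FortiGate `key=value` message, and only then runs the regexes for that vendor. The sample log lines, the field names and the vendor heuristics are constructed/assumed for this example.

```python
"""Toy vendor-sniffing syslog parser (added example, not Graylog code)."""
import re
from typing import Dict

# Cisco IOS-style marker: %FACILITY-SEVERITY-MNEMONIC: free text
CISCO_MARKER = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$"
)
# Cisco ACL hit text, e.g. "list 102 denied tcp 10.1.1.1(1234) -> 10.2.2.2(80), 1 packet"
CISCO_ACL = re.compile(
    r"list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\w+) "
    r"(?P<src_ip>[\d.]+)\((?P<src_port>\d+)\) -> (?P<dst_ip>[\d.]+)\((?P<dst_port>\d+)\)"
)
# FortiGate key=value pairs; values are bare tokens or double-quoted strings
FORTI_KV = re.compile(r'(?P<key>[A-Za-z][A-Za-z0-9_]*)=(?:"(?P<quoted>[^"]*)"|(?P<bare>\S+))')

# Constructed sample messages (assumed formats, not captured from real devices)
SAMPLE_CISCO = (
    "<189>Jan  5 12:00:01 core-sw1 1234: *Jan  5 12:00:01.123: "
    "%SEC-6-IPACCESSLOGP: list 102 denied tcp 10.1.1.1(1234) -> 10.2.2.2(80), 1 packet"
)
SAMPLE_FORTINET = (
    '<189>date=2024-01-05 time=12:00:01 devname="fw-edge" devid="FGT60FTK00000000" '
    'logid="0000000013" type="traffic" subtype="forward" level="notice" '
    'srcip=10.1.1.1 srcport=1234 dstip=10.2.2.2 dstport=80 action="deny" policyid=7'
)


def detect_vendor(msg: str) -> str:
    """Cheap substring checks first, so most messages never hit a heavy regex."""
    if "%" in msg and CISCO_MARKER.search(msg):
        return "cisco"
    if "devname=" in msg and "logid=" in msg:
        return "fortinet"
    return "unknown"


def parse_cisco(msg: str) -> Dict[str, str]:
    """Extract facility/severity/mnemonic, plus ACL fields when the text is an ACL hit."""
    m = CISCO_MARKER.search(msg)
    if m is None:
        return {}
    fields = {k: v for k, v in m.groupdict().items() if k != "text"}
    acl = CISCO_ACL.search(m.group("text"))
    if acl:
        fields.update(acl.groupdict())
    return fields


def parse_fortinet(msg: str) -> Dict[str, str]:
    """Split key=value pairs; quoted values may contain spaces, bare ones may not."""
    fields: Dict[str, str] = {}
    for m in FORTI_KV.finditer(msg):
        value = m.group("quoted")
        if value is None:
            value = m.group("bare")
        fields[m.group("key")] = value
    return fields


def parse_syslog(msg: str) -> Dict[str, object]:
    """Dispatch on the guessed vendor and return the extracted fields."""
    vendor = detect_vendor(msg)
    if vendor == "cisco":
        fields = parse_cisco(msg)
    elif vendor == "fortinet":
        fields = parse_fortinet(msg)
    else:
        fields = {}
    return {"vendor": vendor, "fields": fields}


if __name__ == "__main__":
    for line in (SAMPLE_CISCO, SAMPLE_FORTINET, "<13>Jan  5 12:00:01 host sshd[1]: Accepted publickey"):
        print(parse_syslog(line))
```

The point of `detect_vendor` is the caveat a practitioner wants: running every vendor's regex set against every inbound line is CPU that scales with message rate, so a cheap prefilter (a substring check, a known marker) should gate the expensive patterns, and the patterns themselves should be written without nested quantifiers, since the message text is attacker-influenced input that controls regex running time.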