I’m curious how parsing of Cisco and Fortinet logs works. Does Graylog perform a regex comparison on every message that arrives and then automagically extract the fields?
alias454 (@_alias454) #1
jochen (Jochen) #2
Yes, it’s pretty much that. There are (simple) heuristics in place to guess what type of syslog message was received and how to process it further: