How to collect logs from non-rfc5424 protocol

Hi guys,

I installed the graylog v4.2.8 and config inputs. then add configuration (. @10.255.0.3:1514;RSYSLOG_SyslogProtocol23Format
) to /etc/rsyslog.conf. it works and I can recieve logs from pfsense2.6. however I can not revieve the from pfsense2.4.5. pfsense2.6 can change the log format to RFC5424, but pfsense2.4.5 can not change it.
how can I recieve the logs from pfsense2.4.5.

You can have the pfSense 2.4.5 point to a different input and perhaps use a RAW input… it may not break out as many fields nicely for you, but You can take care of that with Extractors and/or Pipeline Processing

1 Like

thank you I’ll try it

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.