How to remove control characters from GELF output?

Hello, I have the following problem. I am using Graylog Open 4.1 on Debian. Graylog receives syslogs from several Windows clients and should forward them. The input works great, but the problem lies in the output. The output should be in GELF format using TCP and a custom port. At the receiver, the forwarded messages all arrive with many control characters (\t \r \n). I would like to process the output so that the control characters are removed or replaced with spaces. How should I proceed? Is a pipeline the right approach for this?

Can you provide more detail about your use case? How are you sending logs from Graylog? What are you sending the logs to that this is causing a problem?

Thanks!

I think the problem is with the GELF format. The input is syslog, which, as mentioned, is displayed correctly. The data is being sent to a SIEM system. And on this system, the messages arrive like this: AssignPrimaryTokenPrivilege\r\n\t\t\tSeIncreaseQuotaPrivilege\r\n\t\t\tSeSecurityPrivilege\r\n\t\t\tSeTakeOwnershipPrivilege\r\n\t\t

I know how to manipulate the input with extractors or a pipeline, but I’m stuck on the output.

Can you share what you mean by “output”? What is your intended goal or outcome? I’m not clear on what you are trying to do or how you are doing it so it is difficult to offer any helpful advice.

If you are sending GELF to a system that doesn’t understand it, that is an issue on the receiving end.

For reference GELF via UDP
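
Added example, not part of the thread or of Graylog's code: GELF payloads are JSON, so CR, LF and TAB inside a field travel as the escape sequences `\r`, `\n`, `\t`, and over TCP each frame ends with a null byte. The sketch below encodes a constructed Windows-style message that way, then shows a receiver-side decode and normalization step; the host name, sample text and function names are assumptions.

```python
import json
import re

# Constructed sample: a Windows security event fragment laid out with
# CR/LF/TAB, as it would sit in the message field before forwarding.
SAMPLE_MESSAGE = (
    "Privileges:\t\tSeAssignPrimaryTokenPrivilege\r\n"
    "\t\t\tSeIncreaseQuotaPrivilege\r\n"
    "\t\t\tSeSecurityPrivilege"
)

# Any run of ASCII control characters (including DEL).
_CONTROL_RUN = re.compile(r"[\x00-\x1f\x7f]+")


def encode_gelf_tcp(short_message, host="win-client-01"):
    """Build one GELF 1.1 frame for TCP: JSON followed by a null byte."""
    payload = {"version": "1.1", "host": host, "short_message": short_message}
    return json.dumps(payload).encode("utf-8") + b"\x00"


def decode_gelf_tcp(stream):
    """Split a TCP byte stream on the null delimiter and JSON-decode frames."""
    return [json.loads(frame) for frame in stream.split(b"\x00") if frame]


def flatten_controls(value):
    """Replace each run of control characters with a single space."""
    return _CONTROL_RUN.sub(" ", value).strip()


def normalize(record):
    """Flatten control characters in every string field of a decoded record."""
    return {key: flatten_controls(val) if isinstance(val, str) else val
            for key, val in record.items()}


if __name__ == "__main__":
    wire = encode_gelf_tcp(SAMPLE_MESSAGE)
    print(wire)  # escapes are literal backslash sequences on the wire
    print(normalize(decode_gelf_tcp(wire)[0])["short_message"])
```

A receiver that treats the frame as plain text sees the escaped form; one that JSON-decodes it gets the real control characters back and can flatten them as shown.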
