Issue received log from cyberoam syslog

csamart · October 22, 2019, 5:22am

I was setup log sending from cyberoam firewall but I cannot read log from cyberoam. Log was show as picture, I was test kiwi syslog are read find. please help.

Environment: Graylog server on Ubuntu 18.04

jan · October 22, 2019, 6:55am

how did you ingest messages? What Graylog version did you use exactly?

csamart · October 22, 2019, 7:05am

Thanks Jan for response, I ingest via send syslog to graylog as picture. Graylog v.3.1.2 and extractors is Graylog extractors for Spohos UTM 9 sendard syslog fields.

csamart · October 22, 2019, 7:07am

Input setup as picture

csamart · October 22, 2019, 7:11am

When show received messages as picture

jan · October 22, 2019, 8:41am

I do not know what format the logs are send from this device - but I guess that they are not following any standard? You might want to check how they look like when you send them to a RAW input…

csamart · October 22, 2019, 9:19am

When I send same log to Kiwi Syslog are find, I guest it may be configuration of Graylog or Ubuntu but I don’t know where to fix it.

jan · October 23, 2019, 8:22am

you might want to send them to a RAW input in Graylog to check if that can read it …

csamart · October 24, 2019, 3:23am

Raw/pain text result same as Syslog UDP.

zoulja · October 24, 2019, 7:45am

Can you grab some packets with tcpdump and show packet’s content?

Topic		Replies	Views
Graylog and Sophos logs Graylog Central (peer support)	2	3427	March 30, 2018
Unable to get the logs in graylog gui Graylog Central (peer support)	4	346	February 10, 2022
Graylog not taking syslog Graylog Central (peer support)	2	787	August 24, 2017
Graylog and Sophos XG Graylog Central (peer support)	4	1172	March 30, 2024
Syslog sending logs Graylog Central (peer support)	7	2029	July 3, 2018

Issue received log from cyberoam syslog

Related topics