Issue received log from cyberoam syslog

I was setup log sending from cyberoam firewall but I cannot read log from cyberoam. Log was show as picture, I was test kiwi syslog are read find. please help.

Environment: Graylog server on Ubuntu 18.04

how did you ingest messages? What Graylog version did you use exactly?

Thanks Jan for response, I ingest via send syslog to graylog as picture. Graylog v.3.1.2 and extractors is Graylog extractors for Spohos UTM 9 sendard syslog fields.

Input setup as picture

When show received messages as picture

I do not know what format the logs are send from this device - but I guess that they are not following any standard? You might want to check how they look like when you send them to a RAW input…

When I send same log to Kiwi Syslog are find, I guest it may be configuration of Graylog or Ubuntu but I don’t know where to fix it.

you might want to send them to a RAW input in Graylog to check if that can read it …

Raw/pain text result same as Syslog UDP.

Can you grab some packets with tcpdump and show packet’s content?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.