Dear all,
Our company are using Graylog to collect some security log from F5 device. Everthing is ok until now. We have log format as below. Content in content field is long than in current log. Graylog can not get full this field. Does Graylog limit field length in Syslog UDP? How can I fix this issue???
message
hosting-f5-2 ASM:SourceIP <> Des_IP <> Des_Port 443 Location VN Attack_Type Abuse of Functionality policy_name /Common/web_cnmn.vnptdata.vn Severity Error Violation Illegal meta character in value Request POST /?controller=accounts&action=insertIdea HTTP/1.1\r\nHost: cnmn.vnptdata.vn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://?controller=accounts&action=department&id=3\r\nCookie: PHPSESSID=n7787uqmp2sf1l8lflss1ksdi0; BIGipServer_pool=695017083.47873.0000; TS0122e2ca=01ccf8641a458f4167305efa971d2a55bcdf890059fdc4670ac82abb8fb7774492069a21770af8de85c8027393a1ffb3b7583ec982b1f2e59fe7f78b24992a3b0db9a6ef3d\r\nConnection: keep-alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 111\r\n\r\n**content=%3Cscript%3Ealert%28%22conghoaxahoichu**