Meraki Syslog UDP with OVA Graylog v3.0.1+de74b68

r4inxdr0p · April 6, 2019, 12:36am

Does the new version of Graylog not work with Meraki Syslog UDP? Bit of a noob here so bare with me.

Set up syslog server in my Meraki dashboard (MX64) > using port 10514

In graylog i can see it is receiving logs when i have an Input set to SYSLOG UDP 10514 but i get the following errors in my graylog serverlog:

java.lang.IllegalArgumentException: Invalid format: “1554510730.684963576” is malformed at “0.684963576”
at org.joda.time.format.DateTimeFormatter.parseDateTime(DateTimeFormatter.java:945) ~[graylog.jar:?]
at org.joda.time.DateTime.parse(DateTime.java:160) ~[graylog.jar:?]
at org.joda.time.DateTime.parse(DateTime.java:149) ~[graylog.jar:?]
at org.graylog2.syslog4j.server.impl.event.SyslogServerEvent.parseDate(SyslogServerEvent.java:108) ~[graylog.jar:?]
at org.graylog2.syslog4j.server.impl.event.structured.StructuredSyslogServerEvent.parseDate(StructuredSyslogServerEvent.java:113) ~[graylog.jar:?]
at org.graylog2.syslog4j.server.impl.event.SyslogServerEvent.parsePriority(SyslogServerEvent.java:136) ~[graylog.jar:?]
at org.graylog2.syslog4j.server.impl.event.SyslogServerEvent.parse(SyslogServerEvent.java:152) ~[graylog.jar:?]
at org.graylog2.syslog4j.server.impl.event.structured.StructuredSyslogServerEvent.(StructuredSyslogServerEvent.java:50) ~[graylog.jar:?]
at org.graylog2.inputs.codecs.SyslogCodec.parse(SyslogCodec.java:126) ~[graylog.jar:?]
at org.graylog2.inputs.codecs.SyslogCodec.decode(SyslogCodec.java:96) ~[graylog.jar:?]
at org.graylog2.shared.buffers.processors.DecodingProcessor.processMessage(DecodingProcessor.java:150) ~[graylog.jar:?]
at org.graylog2.shared.buffers.processors.DecodingProcessor.onEvent(DecodingProcessor.java:91) [graylog.jar:?]
at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:74) [graylog.jar:?]
at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:42) [graylog.jar:?]
at com.lmax.disruptor.WorkProcessor.run(WorkProcessor.java:143) [graylog.jar:?]
at com.codahale.metrics.InstrumentedThreadFactory$InstrumentedRunnable.run(InstrumentedThreadFactory.java:66) [graylog.jar:?]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_191]

When I use raw UDP for input in graylog it receives logs just fine and can search (although they are a bit messy). I know there is a way to parse them but i am not there yet. Looking for a bit of direction before I waste time.

Thanks,

-Al

benvanstaveren · April 6, 2019, 7:27am

Looks like it’s sending a timestamp in Unix Timestamp format, which isn’t entirely kosher from a Syslog format point of view.

system · April 20, 2019, 7:29am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to see the syslog in graylog 5.1 version Graylog Central (peer support)	8	204	November 7, 2023
Cisco Meraki cant sent Syslog to Graylog Open Graylog Central (peer support) cisco	5	643	August 30, 2023
Syslog from Meraki generates load and lot of graylog logs Graylog Central (peer support)	3	1434	April 18, 2018
Cisco Meraki syslog Graylog Central (peer support)	3	1486	May 7, 2019
Cisco Meraki Syslog format Graylog Central (peer support)	3	1419	April 18, 2019

Meraki Syslog UDP with OVA Graylog v3.0.1+de74b68

Related Topics