Missing Log Entry because of malformed date

Hi,

we have some devices sending messages like this
<190>2019-06-03,17:07:12 [tssh2c_0]hostname: SSH-6-SESSION_LESS:15 the number of Session 1 Channel id 0 in use is not more then zero.
These Messages show on Raw Text Input but not on Syslog Inputs. Maybe this is a problem with date format? Especially with the comma between date and time?
Is there any way to resolve this without Raw Text Input?

Kind regards
Manuel

@mritter

The Syslog Input needs valid Syslog messages - that includes a proper date format. As you already found that having a comma between date and time isn’t proper syslog the RAW Input is your only hope. Unless you can fix the source sending valid date formats.

@jan
Thanks for your reply. I was afraid it would be so, I only hoped that there is a chance to modify incoming messages before it was parsed.
Another question. Is there a way to parse RAW Messages as Syslog? For example change the Input to RAW and via Rules
if malformed -> manual parsing
else -> parse as syslog

Kind regards
Manuel

@mritter

I personal would create a RAW input and work with the processing pipelines. That gives you a wide-range of options.

Thanks for your advice,

after reading the docs a bit more, I found a function to parse facility and loglevel (expand-syslog-priority), this was the part I did not know how to do it manually.

Now everything works fine.

Kind regards
Manuel