New install, 'Nothing Found'


#1

Newly installed, messages are received but not searchable. I searched using an absolute date range, to account for a possible time stamp issue, nothing found. Nothing in streams, metrics show received data. Any ideas?


(Jochen) #2

What kind of messages are you sending to that input?
Could you share some examples?


#3

SYSLOG from Meraki MR Access Points:

Jan 4 16:13:57 192.168.9.127 1 1515107637.243950712 Production_North events type=wpa_deauth radio=‘0’ vap=‘4’ client_mac=‘F4:F5:24:34:22:22’ aid=‘1777900845’

Jan 4 16:14:01 192.168.9.127 1 1515107641.246481171 Production_North events type=wpa_deauth radio=‘0’ vap=‘4’ client_mac=‘F4:F5:24:34:22:22’ aid=‘1777900845’

Jan 4 16:14:01 192.168.9.127 1 1515107641.247293417 Production_North events type=disassociation radio=‘0’ vap=‘4’ client_mac=‘F4:F5:24:34:22:22’ channel=‘6’ duration=‘3.998750390’ auth_neg_failed=‘1’ is_wpa=‘1’ aid=‘1777900845’


#4

After I answered your question, I changed the input type to Raw/Plaintext and now I see the data. I wonder why Syslog doesn’t work?


(Jan Doberstein) #5

Your Meraki did not send valid Syslog messages. That is IMHO the reason.


(Jochen) #6

Syslog messages have to start with a syslog priority (PRI) field:
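
Added example, not part of the original posts and not Graylog's own parser: a Python check for the PRI field mentioned in post #6, run over one line from post #3 (shortened). The function names and the `<134>` and `<999>` samples are constructed for illustration.

```python
import re

# PRI per RFC 3164 / RFC 5424: "<" + 1-3 digits + ">" at the very start.
PRI_RE = re.compile(r"^<(\d{1,3})>")
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

# Line from post #3 (shortened); it starts with a timestamp, not a PRI.
MERAKI = ("Jan 4 16:13:57 192.168.9.127 1 1515107637.243950712 "
          "Production_North events type=wpa_deauth")
SAMPLES = [
    MERAKI,
    "<134>" + MERAKI,   # constructed: same line with PRI 134 (local0.info)
    "<999>" + MERAKI,   # constructed: PRI present but out of range
]


def parse_pri(line):
    """Return (facility, severity_name), or None if PRI is missing/invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:       # 23 * 8 + 7 is the largest legal PRI value
        return None
    return pri // 8, SEVERITIES[pri % 8]


def triage(lines):
    """Split lines into (has valid PRI, lacks valid PRI)."""
    ok, rejected = [], []
    for line in lines:
        (ok if parse_pri(line) is not None else rejected).append(line)
    return ok, rejected


def with_default_pri(line):
    """Prepend <13> (user.notice), the value RFC 3164 has a relay insert
    when a message arrives without a valid PRI."""
    return line if parse_pri(line) is not None else "<13>" + line


if __name__ == "__main__":
    ok, rejected = triage(SAMPLES)
    print(f"{len(ok)} with PRI, {len(rejected)} without")
    for line in rejected:
        print("no valid PRI:", line[:40], "->", with_default_pri(line)[:44])
```

Lines that land in `rejected` are the ones a strict syslog parser cannot decode; a Raw/Plaintext input stores them without parsing.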


#7

Thanks for your responses! Nice to have a fully functioning, feature-rich log server.

