Old content pack import failed in graylog 4.3

If that is your plan, you really need to be super efficient. I see this as working out in stages…

Pipeline rules Stage One - break out the following into fields:
(allowing the message to pass to stage two if at least one rule matches)

  • syslog_priority
  • syslog_version
  • timestamp_c (don’t get it confused with the Graylog Timestamp)
  • log_type

Then in Stage Two you can create a series of rules that only act on the message if it’s relevant so here are examples:

rule "Cisco - LineProto"
when
   to_string($message.log_type) == "LINEPROTO-5-UPDOWN"
then
   <script that GROK's the data after LINEPROTO-5-UPDOWN into the correct fields>
end
rule "Cisco - Link-Updown"
when
   to_string($message.log_type) == "LINK-3-UPDOWN"
then
   <script that GROK's the data after LINK-3-UPDOWN into the correct fields>
end
rule "Cisco - Link-Changed"
when
   to_string($message.log_type) == "LINK-5-CHANGED"
then
   <script that GROK's the data after LINK-5-CHANGED into the correct fields>
end
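A worked version of the two stages above, added here as an example and not part of the original reply. It assumes a constructed RFC 5424-style Cisco line such as `<189>1 2022-06-01T12:00:00Z sw01 : %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down`, and the field names `cisco_host`, `cisco_detail`, `interface` and `link_state` are my own choices.

```graylog
// Stage One (pipeline stage set to "at least one of the rules matches"):
// split the header into the fields the reply lists so that Stage Two
// can match on log_type without re-parsing the whole line.
// Assumes the raw line is still in $message.message (constructed sample).
rule "Cisco - Stage One header"
when
    has_field("message")
then
    let header = grok(
        // "%%{DATA:log_type}" is a literal '%' followed by the DATA capture,
        // so log_type receives e.g. LINEPROTO-5-UPDOWN without the leading '%'.
        pattern: "^<%{INT:syslog_priority}>%{INT:syslog_version} %{TIMESTAMP_ISO8601:timestamp_c} %{HOSTNAME:cisco_host} .*?%%{DATA:log_type}: %{GREEDYDATA:cisco_detail}",
        value: to_string($message.message),
        only_named_captures: true
    );
    // Writes syslog_priority, syslog_version, timestamp_c (kept separate
    // from Graylog's own timestamp), cisco_host, log_type and cisco_detail.
    set_fields(header);
end

// Stage Two: only runs the expensive per-type grok when log_type matches,
// and only over the remainder captured in cisco_detail.
rule "Cisco - LineProto"
when
    to_string($message.log_type) == "LINEPROTO-5-UPDOWN"
then
    let detail = grok(
        pattern: "Line protocol on Interface %{NOTSPACE:interface}, changed state to %{WORD:link_state}",
        value: to_string($message.cisco_detail),
        only_named_captures: true
    );
    // Adds interface (e.g. GigabitEthernet0/1) and link_state (up/down),
    // which is what an interface-flap alert or dashboard would key on.
    set_fields(detail);
end
```

The LINK-3-UPDOWN and LINK-5-CHANGED rules follow the same shape, each with its own pattern over `cisco_detail`.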