We have been using Graylog for quite some time, very successfully. Currently we are running version 2.4.3+2c41897, codename Wildwuchs.
We are using Meraki access points too. Meraki, respectively Cisco, offers an excellent tool for monitoring, analysis and statistics. But there is also the possibility to define a syslog server. So my colleague defined a new input for Graylog with syslog UDP, as done several times before. The Meraki cloud is configured to send to this port and IP. The moment this is done, Graylog runs amok. I have seen up to 2000 Graylog log entries per minute. Normally I do not have a single one from Graylog itself over hours. In the systems/input field I see that packets are coming in, but nothing shows up in the search page. Stopping the input brings the Graylog server back to normal behaviour.
I am quite sure this format from Meraki doesn't fit the standards. But I am wondering why Graylog doesn't simply throw away a malformed packet.
Is there someone out there who has configured Meraki and Graylog successfully?
Below are some of these endless Graylog messages.
2018-03-30 19:55:39.316 graylog-server at com.codahale.metrics.InstrumentedThreadFactory$InstrumentedRunnable.run(InstrumentedThreadFactory.java:66) [graylog.jar:?]
2018-03-30 19:55:39.315 graylog-server at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:42) [graylog.jar:?]
2018-03-30 19:55:39.315 graylog-server at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:74) [graylog.jar:?]
2018-03-30 19:55:39.314 graylog-server at org.graylog2.shared.buffers.processors.DecodingProcessor.onEvent(DecodingProcessor.java:91) [graylog.jar:?]
2018-03-30 19:55:39.313 graylog-server at org.graylog2.shared.buffers.processors.DecodingProcessor.processMessage(DecodingProcessor.java:150) ~[graylog.jar:?]
2018-03-30 19:55:39.312 graylog-server at org.graylog2.inputs.codecs.SyslogCodec.decode(SyslogCodec.java:96) ~[graylog.jar:?]
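The stack trace above ends in SyslogCodec.decode, i.e. the failure happens while decoding the datagram, and the post asks why a non-conforming packet is not simply dropped. The following is an added example, not Graylog's SyslogCodec and not code from the original post: a small stand-alone decoder that tries RFC 5424, then RFC 3164, then an assumed epoch-timestamp key=value shape, and on anything else degrades to an opaque raw message with a parse_error flag instead of raising. The exact layout of the Meraki lines is not shown in the post, so the "epoch-kv" pattern and all sample datagrams are constructed assumptions for illustration.

```python
import re
from datetime import datetime, timezone

# Added example, not Graylog's SyslogCodec: a decoder that degrades to a raw
# message instead of raising on input it does not recognise.

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID [SD] MSG
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d{1,2}) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$"
)
# RFC 3164 (BSD syslog): <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG
RFC3164_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<rest>.*)$"
)
# ASSUMED shape of the non-RFC lines (not taken from the post): optional PRI,
# epoch seconds with a fractional part, device name, event type, key=value pairs.
EPOCH_KV_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?(?P<ts>\d{9,10}\.\d+) (?P<host>\S+) "
    r"(?P<event>\S+) ?(?P<rest>.*)$"
)


def split_pri(pri):
    """Split the <PRI> value into (facility, severity) as RFC 5424 section 6.2.1 defines."""
    pri = int(pri)
    return pri // 8, pri % 8


def parse_kv(text):
    """Turn 'src=1.2.3.4 dport=53' into a dict; tokens without '=' are ignored."""
    return dict(re.findall(r"(\w+)=(\S+)", text))


def decode_syslog(line):
    """Decode one UDP payload. Always returns a dict; never raises on bad input."""
    m = RFC5424_RE.match(line)
    if m:
        facility, severity = split_pri(m["pri"])
        return {"format": "rfc5424", "facility": facility, "severity": severity,
                "timestamp": m["ts"], "source": m["host"], "application": m["app"],
                "message": m["rest"], "parse_error": False}
    m = RFC3164_RE.match(line)
    if m:
        facility, severity = split_pri(m["pri"])
        return {"format": "rfc3164", "facility": facility, "severity": severity,
                "timestamp": m["ts"], "source": m["host"], "application": None,
                "message": m["rest"], "parse_error": False}
    m = EPOCH_KV_RE.match(line)
    if m:
        facility, severity = split_pri(m["pri"]) if m["pri"] else (None, None)
        ts = datetime.fromtimestamp(float(m["ts"]), tz=timezone.utc)
        return {"format": "epoch-kv", "facility": facility, "severity": severity,
                "timestamp": ts.replace(microsecond=0).isoformat(),
                "source": m["host"], "application": m["event"],
                "message": m["rest"], "fields": parse_kv(m["rest"]), "parse_error": False}
    # Fallback: keep the packet as an opaque message and flag it, so the
    # pipeline neither loses the event nor emits a stack trace per datagram.
    return {"format": "raw", "facility": None, "severity": None, "timestamp": None,
            "source": None, "application": None, "message": line, "parse_error": True}


def decode_batch(lines):
    """Decode many payloads; returns (messages, number flagged as unparsed)."""
    out = [decode_syslog(line) for line in lines]
    return out, sum(1 for msg in out if msg["parse_error"])


# Constructed sample datagrams (not captured from any real device).
SAMPLE_LINES = [
    "<134>1 2018-03-30T19:55:39.316Z fw01 sshd 1234 ID47 - Accepted publickey for ops",
    "<34>Mar 30 19:55:39 web02 su[4321]: FAILED su for root by bob",
    "<134>1522439739.316 ap-lobby flows src=10.0.0.5 dst=8.8.8.8 protocol=udp sport=5353 dport=53",
    "\x00\x01 binary junk that is not syslog",
]

if __name__ == "__main__":
    messages, bad = decode_batch(SAMPLE_LINES)
    for msg in messages:
        print(msg["format"], msg["source"], msg["message"][:40])
    print("unparsed:", bad)
```

The point of the fallback branch is operational: one unrecognised datagram becomes one flagged message you can search for and fix with an extractor or pipeline rule, rather than one multi-line stack trace in the server log for every packet that arrives.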