Hello, I am using the latest version of graylog 2.4, I have detected that ubiquiti devices in the source field instead of sending the ip of the device it sends random fields like service name (lighttpd, drogbear) or the username of the logged in user at the moment but never the ip of the device, how can I solve this?
I try this:
rule “Set Source IP” when has_field(“source”) then set_field(“source_ip”, to_string($message.gl2_remote_ip)); end
But not happening 
just for reference: https://github.com/Graylog2/graylog-plugin-map-widget/issues/63
As written in the issue, what version, what hardware did you use?
I can’t reproduce this and this must be something that is broken in your unifi setup.
regards
Jan
For me this looks like your devices did not send valid Syslog.
You should clarify on https://help.ubnt.com/hc/en-us how to validate that the devices send syslog.
You should enable in Graylog “store full message” for that Syslog input and look for the messages. Maybe we can spot this way what is wrong.
the full_message reveals that your devices did not send syslog messages that are following any rfc that Graylog supports.
You should contact the vendor.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
