I am using Graylog version 5.1. I would like to view the logs from Cisco Meraki MX via the Graylog server. However, when I click on “Show Received Messages” under the input section, nothing appears, even though I can see the “Throughput/Metrics” in the input section. I’ve encountered an error in the log file. When I configured the plaintext logs, everything worked fine. I need to understand why the syslog logs are not working.
java.lang.IllegalArgumentException: Invalid format: "1697791873.466570395" is malformed at "3.466570395"
    at org.joda.time.format.DateTimeFormatter.parseDateTime(DateTimeFormatter.java:945) ~[graylog.jar:?]
    at org.joda.time.DateTime.parse(DateTime.java:160) ~[graylog.jar:?]
    at org.graylog2.syslog4j.server.impl.event.SyslogServerEvent.parse8601Date(SyslogServerEvent.java:153) ~[graylog.jar:?]
    at org.graylog2.syslog4j.server.impl.event.SyslogServerEvent.parseDate(SyslogServerEvent.java:125) ~[graylog.jar:?]
“Could someone please assist me? I’ve been waiting for help for the past 3 days, but no one has responded. My Graylog server is not receiving syslog. It displays the data in MBs, but when I click on ‘Show Messages’ under the input, it displays nothing. I’ve already provided a screenshot of the logs above.”
More details would be helpful.
What kind of input did you use? It looks as if Meraki does not send syslog according to the standard. Did you try a Raw input?
First of all, thank you, sir, for replying to my post. I have been waiting for a response for the past three days.
Let me explain in detail:
Sir, the RAW/Plain Text and NETFLOW are functioning properly on the Graylog server. However, only the syslog data isn’t visible. It indicates that data is being fetched in GiBs, but when I click to view the received messages, it shows nothing. I would like to know how I can view my syslog-related data. I don’t want to rely on RAW plain text.
Attached is the screenshot for your reference. Let me know if you need to know anything else.
Hi @ali40
I think Meraki does not send Syslog as Graylog is expecting. Therefore you have the error message.
My suggestion is to open an exclusive input for Meraki only with the type Raw. It will be almost the same as syslog as it looks to me. Parsing is necessary anyway.
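The parsing step that a Raw input leaves open, as an added example (not code from any poster or from Graylog): this Python example checks the timestamp from the stack trace against the RFC 3339 form that an RFC 5424 syslog parser expects, then splits a line that carries an epoch timestamp instead. The line layout, host name and flow fields are assumptions; only the timestamp value comes from the error above.

```python
import re
from datetime import datetime, timezone

# RFC 5424 timestamps are RFC 3339 (ISO 8601) strings such as
# 2023-10-20T08:51:13.466Z; a strict syslog parser expects this form.
RFC3339_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{1,6})?(Z|[+-]\d{2}:\d{2})$")

# Assumed layout of a Meraki MX line (not shown in the thread):
#   <PRI>VERSION EPOCH_SECONDS.NANOS HOST TYPE MESSAGE
MERAKI_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d+) (?P<secs>\d+)\.(?P<frac>\d{1,9}) "
    r"(?P<host>\S+) (?P<type>\S+) (?P<msg>.*)$")

def is_rfc3339(ts):
    """True if ts has the timestamp form an RFC 5424 parser accepts."""
    return RFC3339_RE.match(ts) is not None

def parse_meraki(line):
    """Split an epoch-timestamped line into fields; None if it does not fit."""
    m = MERAKI_RE.match(line.strip())
    if m is None or int(m["pri"]) > 191:   # PRI = facility * 8 + severity
        return None
    pri = int(m["pri"])
    # Pad the fraction to nanoseconds, then truncate to microseconds.
    micros = int(m["frac"].ljust(9, "0")) // 1000
    ts = datetime.fromtimestamp(int(m["secs"]), tz=timezone.utc)
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        "timestamp": ts.replace(microsecond=micros),
        "source": m["host"],
        "event_type": m["type"],
        "message": m["msg"],
    }

# Constructed sample: timestamp taken from the stack trace, everything
# else (host, event type, flow fields) invented for illustration.
SAMPLE = ("<134>1 1697791873.466570395 MX-EXAMPLE flows "
          "allow src=192.0.2.10 dst=198.51.100.20 protocol=tcp dport=443")

if __name__ == "__main__":
    print("timestamp is RFC 3339:", is_rfc3339(SAMPLE.split()[1]))
    for key, value in parse_meraki(SAMPLE).items():
        print(f"{key}: {value}")
```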