Syslog and ArcSight output plugin 2.5.x, 3.0.0 compatible

Plugin Release 2.4.5

Syslog output plugin for Graylog2

huksley
free!

Published

13 Jun 14:39

Last Push

13 Jun 14:40

Discussion

8 Comments

Comments

huksley about 2 months ago

Hi all! Please use GitHub issues to comment and report issues, this page is not monitored, thanks!

Yall1963 7 months ago

Is it possible to forward messages to another syslog sink using this plugin?
I've tried this using the "structured" message format. Unfortunately the original full syslog message is written into the new message content whereas new syslog fields (application_name, source and so on) are added according to the graylog server itself.

adamsh25 8 months ago

Hi,

I have issues with UTF-8 support, syslog messages with rfc5424 must contain the (BOM) prefix:
" If a syslog application encodes MSG in UTF-8, the string MUST start
with the Unicode byte order mask (BOM), which for UTF-8 is ABNF
%xEF.BB.BF. The syslog application MUST encode in the "shortest
form" and MAY use any valid UTF-8 sequence."

https://tools.ietf.org/html/rfc5424

E.g. the German letter won't be supported, because the message data will be decoded to ASCII and not to UTF-8; exploring a Wireshark packet sent with this plugin's output stream will result in a message that does not have the (BOM) prefix.

Thank you,
Adam.
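
The BOM rule quoted in the comment above can be checked on captured frames. The following is an added example, not part of the original thread or the plugin's code; the function names, host name and sample frames are constructed for illustration. It extracts MSG from an RFC 5424 frame and reports whether a receiver can treat it as UTF-8.

```python
BOM = b"\xef\xbb\xbf"  # UTF-8 BOM, %xEF.BB.BF in the RFC 5424 ABNF

def build_frame(text, host="graylog.example", app="demo"):
    """Constructed sender: RFC 5424 frame with a BOM-prefixed UTF-8 MSG."""
    header = f"<14>1 2024-01-01T00:00:00Z {host} {app} - - -".encode("ascii")
    return header + b" " + BOM + text.encode("utf-8")

def _sd_end(rest):
    """Index just past STRUCTURED-DATA ('-' or one or more [SD-ELEMENT])."""
    if rest[:1] == b"-":
        return 1
    if rest[:1] != b"[":
        raise ValueError("bad STRUCTURED-DATA")
    i, quoted = 0, False
    while i < len(rest):
        c = rest[i:i + 1]
        if quoted and c == b"\\":
            i += 2  # escaped byte inside a quoted PARAM-VALUE
            continue
        if c == b'"':
            quoted = not quoted
        elif c == b"]" and not quoted and rest[i + 1:i + 2] != b"[":
            return i + 1
        i += 1
    raise ValueError("unterminated STRUCTURED-DATA")

def extract_msg(frame):
    """Return the raw MSG octets of an RFC 5424 frame (b'' if none)."""
    # Fields: PRI+VERSION, TIMESTAMP, HOSTNAME, APP-NAME, PROCID, MSGID, rest
    parts = frame.split(b" ", 6)
    if len(parts) < 7 or not parts[0].startswith(b"<"):
        raise ValueError("not an RFC 5424 frame")
    rest = parts[6]
    end = _sd_end(rest)
    return rest[end + 1:] if rest[end:end + 1] == b" " else b""

def classify_msg(frame):
    """'utf8-bom', 'invalid-utf8', 'ascii' or 'non-ascii-no-bom'."""
    msg = extract_msg(frame)
    if msg.startswith(BOM):
        try:
            msg[len(BOM):].decode("utf-8")
            return "utf8-bom"
        except UnicodeDecodeError:
            return "invalid-utf8"
    # Without a BOM the receiver cannot assume UTF-8 for high-bit octets.
    return "ascii" if all(b < 0x80 for b in msg) else "non-ascii-no-bom"
```

A frame whose text was forced to ASCII before sending classifies as `ascii`, so the loss of the original characters is only visible by comparing the MSG octets with the source message.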

githubkatten about 1 year ago

Hi all!
Has anyone tried this on Graylog 2.4.3?
BR Andreas

vsegdacocacola about 1 year ago

Awesome plugin!
It would be great to replace deviceVendor/deviceProduct with ones presented in actual message (if any).

huksley about 2 years ago

Hi @951tinman, implemented in latest version. Check it out on github!

951tinman over 2 years ago

It would be awesome if this could have an encrypted TCP (TLS) connection parameter set for the TCP choice. (Graylog 2.1.1)

madchap about 3 years ago

Hi,

I can see the output show up in the dropdown box, but there is no box to configure it when you want to launch it, except for the name and prefix. Nothing about protocol, host, port or format.

I am running Graylog 1.3.4.

Thanks!
fred
