Elastic-agent is parsing syslog events different (than Filebeat)

hermlam · November 27, 2020, 3:28pm

Hi,

I switched from the ‘classic’ Filebeat to Elastic-Agent. Very handy, but there is a difference how events are being parsed.

My Syslog events from devices and Raspberry Pies are routed via a central syslog server. And from there via Elastic-Agent to Elastic.

In the old way an event in Elastic was parsed like this:

Now it’s like this:

Now stuff like reports and SIEM aren’t working correctly anymore.

Thanks,

Herman

hermlam · November 28, 2020, 12:02am

I think I made a mistake.Sorry.
Please close this one for now

system · December 26, 2020, 2:02am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash, syslog, ECS and Kibana Logs / SIEM Logstash	5	824	June 30, 2021
FileBeats Syslog not being sent to Elastic Cloud Beats filebeat , elastic-agent	1	351	February 22, 2022
Elastic Agent System Integration Beats filebeat , elastic-agent	3	435	September 28, 2020
Remote Linux logs Elastic Agent	1	179	March 15, 2023
[solved] Host values differ between plugins on the same host Logstash	5	675	November 9, 2017