Hello, we have just recently started ingesting syslog logs with the CEF module of Filebeat.
We are receiving the error message: 2020-04-01T14:02:47.863-0500 ERROR [syslog] syslog/input.go:243 can't parse event as syslog rfc3164.
I have seen other issues dealing with the time format of the syslog event being the wrong format. However, some events are being successfully ingested, and others are giving a parsing error.
.The events seem identical. Any suggestions appreciated!
Thanks
Related issue: https://github.com/elastic/beats/issues/16824
Hi @WBakeberg!
If the related issue covers your case please track this for updates or just add a comment with any extra information you could provide so as to track it there and not in multiple places.
Thanks!
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
