Filebeat CEF module can't parse event as syslog rfc3164

WBakeberg · April 1, 2020, 7:09pm

Hello, we have just recently started ingesting syslog logs with the CEF module of Filebeat.

We are receiving the error message: 2020-04-01T14:02:47.863-0500 ERROR [syslog] syslog/input.go:243 can't parse event as syslog rfc3164.

I have seen other issues dealing with the time format of the syslog event being the wrong format. However, some events are being successfully ingested, and others are giving a parsing error.

.

The events seem identical. Any suggestions appreciated!

Thanks

WBakeberg · April 1, 2020, 7:17pm

Related issue: https://github.com/elastic/beats/issues/16824

ChrsMark · April 2, 2020, 8:30am

Hi @WBakeberg!

If the related issue covers your case please track this for updates or just add a comment with any extra information you could provide so as to track it there and not in multiple places.

Thanks!

system · April 30, 2020, 8:44am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat CEF Checkpoint errors Beats beats-module , filebeat	6	1009	August 5, 2021
Filebeat module cef syslog parse errors Beats beats-module , filebeat	13	2058	April 15, 2020
Filebeat CEF Module Beats filebeat	9	2153	December 3, 2019
Can't parse event as syslog rfc3164 Beats filebeat	2	4270	January 31, 2020
Can't parse event as syslog rfc3164 Beats filebeat	5	347	March 4, 2024

Filebeat CEF module can't parse event as syslog rfc3164

Related topics