The syslog input is failing to parse the syslog header. We're seeing this problem a lot because Filebeat's syslog input is too strict and only supports BSD-style RFC3164 messages.
In your case it might be related to the date format that your CEF exporter is using. Do you have a config option to change it?
As an alternative, you can modify the module to use the udp input instead of the syslog input, which does no parsing. See this message:
The file you need to change is module/cef/log/config/input.yml under /usr/share/filebeat/....
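To check which header style an exporter is actually sending before changing the input, captured lines can be classified offline. This is an added example, not part of the reply above and not Filebeat's own parser; the regular expressions are assumptions that approximate the RFC 3164 and RFC 5424 header layouts, and the sample lines are constructed.

```python
import re

MONTHS = "Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec"
# BSD-style (RFC 3164): optional <PRI>, "Mmm dd hh:mm:ss", hostname.
BSD_HEADER = re.compile(
    r"^(?:<\d{1,3}>)?(?:" + MONTHS + r") [ \d]\d \d{2}:\d{2}:\d{2} \S+ "
)
# IETF-style (RFC 5424): <PRI>VERSION, ISO 8601 timestamp, hostname.
IETF_HEADER = re.compile(r"^<\d{1,3}>\d{1,2} \d{4}-\d{2}-\d{2}T\S+ \S+ ")
# ISO 8601 timestamp without the RFC 5424 version field.
ISO_ONLY = re.compile(r"^(?:<\d{1,3}>)?\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}")


def classify(line):
    """Return (header_kind, cef_payload) for one captured line."""
    cef_at = line.find("CEF:")
    payload = line[cef_at:] if cef_at != -1 else None
    if IETF_HEADER.match(line):
        kind = "rfc5424"
    elif BSD_HEADER.match(line):
        kind = "rfc3164"
    elif ISO_ONLY.match(line):
        kind = "iso-timestamp"
    elif cef_at == 0:
        kind = "no-header"
    else:
        kind = "unknown"
    return kind, payload


# Constructed sample lines, one per header style.
SAMPLES = [
    "<134>Sep  9 08:26:10 fw01 CEF:0|Vendor|Product|1.0|100|Test|5|src=10.0.0.1",
    "<134>1 2019-09-19T08:26:10.000Z fw01 app - - - CEF:0|Vendor|Product|1.0|100|Test|5|",
    "<134>2019-09-19T08:26:10Z fw01 CEF:0|Vendor|Product|1.0|100|Test|5|",
    "CEF:0|Vendor|Product|1.0|100|Test|5|src=10.0.0.1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        kind, payload = classify(sample)
        # Per the reply above, only the BSD-style header is expected to parse.
        verdict = "expected to parse" if kind == "rfc3164" else "likely rejected"
        print(f"{kind:14} {verdict:18} {sample[:40]}")
```

Any result other than `rfc3164` points at the exporter's header or date format as the thing to change, or at the udp input as the workaround.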