I am tryinf to make a grok filter for the Synology NAS syslog messages, but I keep on getting a _grokparsefailure even though my filter works according to http://grokdebug.herokuapp.com/.
Filter:
"<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{WORD:program} %{GREEDYDATA:syslog_message}"
And here is what a log message looks like:
<14>Nov 14 15:05:28 sflns001 Connection username:\tUser [USERNAME] logged in from [46.140.124.122] via [DSM].\n