Hello!
I have this input:
<189>date=2019-11-06 time=09:18:24 devname="FW" devid="FG200D4Q645" logid="0000000011" type="traffic" subtype="forward" level="notice" vd="josep" eventtime=1573045874 srcip=192.168.1.1 srcport=22222 srcintf="vlan11" srcintfrole="undefined" dstip=4.221.55.87 dstport=443 dstintf="vlan55" dstintfrole="undefined" poluuid="8az53d526-5480-5je6-d2f3-1c0d252b8ccde" sessionid=1457621354 proto=2 action="accept" policyid=11 policytype="policy" service="HTTPS" dstcountry="Country" srccountry="Reserved" trandisp="snat" transip=155.84.27.111 transport=22222 appid=41245 app="HTTPS.BROWSER" appcat="Web.Client" apprisk="medium" applist="AppControl_General" appact="detected" duration=1120 sentbyte=4449 rcvdbyte=12391 sentpkt=223 rcvdpkt=222 sentdelta=222 rcvddelta=222
I set the following input:
syslog {
  port => 5444
  type => 'firewall'
}
The data is reaching Logstash, but the fields are not recognized. As I understand it, if it is a syslog input, would I have to do the automatic grok? I also have a tag that says this:
tags: _grokparsefailure_sysloginput
Any idea what could be happening? Thanks for your time!
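For reference, an added example (not part of the original post): the syslog input's built-in grok expects an RFC3164 line, and the sample above has key=value pairs directly after `<189>`, which is what produces `_grokparsefailure_sysloginput`. One way to parse that layout is plain udp/tcp inputs plus grok and kv; the field names `syslog_pri`, `kv_payload` and `fgt` are chosen here for illustration.

```logstash
input {
  # Plain listeners instead of the syslog input, so no RFC3164 grok is applied.
  udp {
    port => 5444
    type => "firewall"
  }
  tcp {
    port => 5444
    type => "firewall"
  }
}

filter {
  if [type] == "firewall" {
    # Split the "<189>" priority prefix from the key=value payload.
    grok {
      match => { "message" => "^<%{NONNEGINT:syslog_pri}>%{GREEDYDATA:kv_payload}" }
    }

    # Quoted values such as devname="FW" are handled by kv's defaults
    # (fields split on spaces, key and value split on "=").
    # The pairs go under [fgt] because the log carries its own type="traffic",
    # which would otherwise collide with the event's type => "firewall".
    kv {
      source       => "kv_payload"
      target       => "fgt"
      remove_field => ["kv_payload"]
    }

    # eventtime in the sample is a 10-digit epoch-seconds value.
    date {
      match => ["[fgt][eventtime]", "UNIX"]
    }

    # Numeric fields arrive as strings; convert the ones used for filtering or sums.
    mutate {
      convert => {
        "[fgt][srcport]"  => "integer"
        "[fgt][dstport]"  => "integer"
        "[fgt][sentbyte]" => "integer"
        "[fgt][rcvdbyte]" => "integer"
      }
    }
  }
}
```

Events that still fail the first grok get the ordinary `_grokparsefailure` tag, which makes malformed or unexpected senders on port 5444 easy to isolate.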