2019-10-01 11:41 AM
I have some customers that have several products/solutions able to send syslog messages using the CEF protocol, but the decoder seems to discard them because the syslog messages come without the PRI header. My question here is: is there some way for the decoders to accept those messages and parse them with the CEF parser?
here are some examples:
This one is not parsed
(it also generates a message on the decoder)
oct 01 10:39:42 HOSTNAME CEF:0|Vendor|Product|10.3|10000|Message Description|2|msg=Some text here field1=value1 field2=2
Message on the decoder:
Oct 1 15:12:57 ldecoder NwLogDecoder[23707]: [SYSLOG] [warning] Unidentified content from 127.0.0.1 received on syslog receiver: 'oct 01 10:39:42 HOSTNAME CEF:0|Vendor|Product|10.3|10000|Message Description|2|msg=Some text here field1=value1 field2=2'
This one IS parsed
<1> oct 01 10:39:42 HOSTNAME CEF:0|Vendor|Product|10.3|10000|Message Description|2|msg=Some text here field1=value1 field2=2
Thanks in advance!
regards!
Max
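As an added example (not code from the post, the KB article, or the NetWitness product), here is a small Python parser that tells the two shapes of message in the post apart: it reports whether a line carries an RFC 3164 PRI prefix (`<N>`), can prepend an assumed PRI so a strict syslog receiver will accept the line, and then parses the seven-field CEF header and the key=value extension, honouring the CEF escapes `\|`, `\=` and `\\`. The sample lines are constructed after the ones in the post, and `DEFAULT_PRI = 13` (facility user, severity notice) is an assumption, not something the decoder or KB prescribes.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample lines modelled on the post: the first has no PRI header,
# the second carries "<1>" (facility kern, severity alert).
SAMPLES = [
    "oct 01 10:39:42 HOSTNAME CEF:0|Vendor|Product|10.3|10000|Message Description|2|msg=Some text here field1=value1 field2=2",
    "<1> oct 01 10:39:42 HOSTNAME CEF:0|Vendor|Product|10.3|10000|Message Description|2|msg=Some text here field1=value1 field2=2",
]

PRI_RE = re.compile(r"^<(\d{1,3})>")
DEFAULT_PRI = 13  # assumed value for normalization: facility user (1) * 8 + severity notice (5)
HEADER_NAMES = ["cef_version", "device_vendor", "device_product", "device_version",
                "signature_id", "name", "severity"]
# A CEF extension key is a run of key characters preceded by start-of-string or whitespace.
KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def has_pri(line: str) -> bool:
    """True when the line starts with a valid RFC 3164 PRI (<0> .. <191>)."""
    m = PRI_RE.match(line)
    return m is not None and int(m.group(1)) <= 191


def ensure_pri(line: str, pri: int = DEFAULT_PRI) -> str:
    """Prepend an assumed PRI to lines that lack one; leave compliant lines untouched."""
    return line if has_pri(line) else f"<{pri}>{line}"


def split_cef(line: str) -> Tuple[List[str], str]:
    """Return the seven CEF header fields and the raw extension string.

    Pipes inside header fields are escaped as '\\|', backslashes as '\\\\'.
    """
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: marker in line")
    text = line[start + len("CEF:"):]
    header, field, i = [], [], 0
    while i < len(text) and len(header) < 7:
        c = text[i]
        if c == "\\" and i + 1 < len(text) and text[i + 1] in "|\\":
            field.append(text[i + 1])
            i += 2
            continue
        if c == "|":
            header.append("".join(field))
            field = []
            i += 1
            continue
        field.append(c)
        i += 1
    if len(header) < 7:
        raise ValueError("truncated CEF header")
    return header, text[i:]


def parse_extension(ext: str) -> Dict[str, str]:
    """Split 'k1=v1 k2=v2 ...' where values may contain spaces and '\\=' escapes."""
    out: Dict[str, str] = {}
    matches = list(KEY_RE.finditer(ext))
    for n, m in enumerate(matches):
        end = matches[n + 1].start() if n + 1 < len(matches) else len(ext)
        value = ext[m.end():end].strip()
        out[m.group(1)] = value.replace("\\=", "=").replace("\\\\", "\\")
    return out


def parse_line(line: str) -> dict:
    """Parse a syslog/CEF line into PRI (if any), header fields and extension."""
    m = PRI_RE.match(line)
    pri: Optional[int] = int(m.group(1)) if m else None
    header, ext = split_cef(line)
    record = dict(zip(HEADER_NAMES, header))
    record["pri"] = pri
    record["facility"] = pri // 8 if pri is not None else None
    record["syslog_severity"] = pri % 8 if pri is not None else None
    record["extension"] = parse_extension(ext)
    return record


if __name__ == "__main__":
    for line in SAMPLES:
        print("PRI present:", has_pri(line))
        print("normalized :", ensure_pri(line)[:40], "...")
        print("parsed     :", parse_line(line))
```

`ensure_pri` shows the relay-side workaround (prepend a PRI before forwarding) that a sender unable to emit one would need; the `parse_line` output for the first sample shows the CEF payload itself is well formed, so the only thing the strict receiver is objecting to is the missing `<N>`.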
2019-10-01 11:44 AM
Have a gander at this KB article but keep in mind you have to be on a version that supports it.
https://community.rsa.com/docs/DOC-97209
2019-10-01 11:51 AM
Thank you so much Aaron! I had totally missed that KB!