I’m looking at using fluentd to ingest syslog entries from my iDRACs, but I’m running into some issues trying to parse the format of the log entries the DRACs are pushing.
Using the following config:

<source>
  @type syslog
  port 42186
  tag idrac
  source_hostname_key source
  time_format "%Y-%m-%dT%H:%M:%S%z"
  message_format rfc5424
</source>

I’m getting an error:
2021-05-13 13:19:47 +0100 [warn]: #0 failed to parse message data="<174>Severity: Informational, Category: Audit, MessageID: USR0032, Message: The session for root from xxx.xxx.xxx.xxx using GUI is logged off."
Do I understand correctly that this isn’t a standard log format and that I need to parse this myself?
The only issue I have here is that the log entries from the DRAC differ each time. I can’t guarantee that, for example, I’ll always have the same fields each time.
2021-05-13 13:00:05 +0100 [warn]: #0 failed to parse message data="<182>os: 2021 RAC:root login from xxx.xxx.xxx.xxx"
What is the recommended course of action here?
I tried to do this in order to just grab the whole syslog entry as ‘message’ to get it ingested but I just got the same failed to parse message data message.
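
Added example, not part of the original post: both rejected payloads consist of a syslog `<PRI>` value followed directly by free text, with none of the RFC 5424 header fields (version, timestamp, hostname) after it. The Python sketch below decodes the priority and always keeps the full body as `message`, extracting `Key: value` pairs only when the body starts with `Severity: ` as in the first sample; the function names and that prefix check are assumptions made for illustration.

```python
import re

# Severity names from RFC 5424, indexed by PRI % 8.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)
KEY_RE = re.compile(r"(\w+): ")
NEXT_RE = re.compile(r", (?=\w+: )")

# The two payloads quoted in the post (addresses are masked there as well).
SAMPLES = [
    "<174>Severity: Informational, Category: Audit, MessageID: USR0032, "
    "Message: The session for root from xxx.xxx.xxx.xxx using GUI is logged off.",
    "<182>os: 2021 RAC:root login from xxx.xxx.xxx.xxx",
]

def split_fields(body):
    """Split 'Key: value, Key: value' text; 'Message' takes the rest of the line."""
    fields, rest = {}, body
    while rest:
        m = KEY_RE.match(rest)
        if not m:
            return None  # not a clean key/value line, caller keeps the raw body
        key, rest = m.group(1), rest[m.end():]
        nxt = None if key == "Message" else NEXT_RE.search(rest)
        if nxt:
            fields[key], rest = rest[:nxt.start()], rest[nxt.end():]
        else:
            fields[key], rest = rest, ""
    return fields

def parse_idrac(line):
    """Return a record for one datagram; never raises on an unexpected layout."""
    m = PRI_RE.match(line.rstrip("\r\n"))
    if not m or int(m.group(1)) > 191:  # 191 is the largest valid PRI
        return {"message": line}
    pri, body = int(m.group(1)), m.group(2)
    # PRI = facility * 8 + severity
    record = {"facility": pri >> 3, "severity": SEVERITIES[pri & 7], "message": body}
    # Assumption: structured entries start with "Severity: " like the first sample.
    fields = split_fields(body) if body.startswith("Severity: ") else None
    if fields:
        record["fields"] = fields
    return record

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_idrac(sample))
```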