We are having issues parsing events sent via TCP because the script adds the facility number <30> to every event when the syslog parameter is used in the script, even after changing to different log formats. How do we remove this facility number from the logs, as the SIEM can't parse such log events, which modify the JSON format?
Checked this via the tcpdump command on the server. Sharing the sample below.
.aZ...dX<30>{"endpoint_id": "XXXXXXXXXXXXXX", "source_info": {"ip": "XXXXXXXXXXX"}, "customer_id": "XXXXXXXXXXX", "severity": "low", "endpoint_type": "computer", "type": "Event::Endpoint::UpdateSuccess", "group": "UPDATING", "id": "XXXXXXXXXXX", "name": "Update succeeded", "datastream": "event", "rt": "2023-09-12T11:49:53.664Z", "duid": "XXXXXXXXXXXX", "end": "2023-09-12T11:49:53.654Z", "suser": "XXXX\\XXXX", "dhost": "XXXX"}
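The `<30>` in the capture is not part of the JSON: it is the syslog PRI header (facility * 8 + severity; 30 decodes to facility 3 "daemon", severity 6 "info") that any syslog emitter prepends. The receiving side can strip it before JSON parsing. The following is an added example of such a receiver-side parser, not code from this project; the event line is a constructed sample in the same shape as the one above.

```python
import json
import re

# Syslog PRI header (RFC 3164 / RFC 5424): "<" + decimal 0..191 + ">" at the very start of the line.
PRI_RE = re.compile(r"^<(\d{1,3})>")

# Facility codes 0..23 and severity codes 0..7 from RFC 5424, Table 1 and Table 2.
FACILITY_NAMES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def split_pri(line):
    """Return (pri, rest). pri is None and rest is the whole line if no valid PRI header is present."""
    m = PRI_RE.match(line)
    if not m:
        return None, line
    pri = int(m.group(1))
    if pri > 191:  # out of range for facility*8+severity: not a syslog PRI, leave the line untouched
        return None, line
    return pri, line[m.end():]


def decode_pri(pri):
    """Map a PRI value to (facility_name, severity_name)."""
    facility, severity = divmod(pri, 8)
    return FACILITY_NAMES[facility], SEVERITY_NAMES[severity]


def parse_event(line):
    """Strip an optional PRI header, parse the remaining JSON, and return (event_dict, syslog_metadata)."""
    pri, body = split_pri(line.strip())
    event = json.loads(body)          # raises json.JSONDecodeError if the payload is not JSON
    meta = {"syslog_pri": pri}
    if pri is not None:
        meta["syslog_facility"], meta["syslog_severity"] = decode_pri(pri)
    return event, meta


# Constructed sample line mirroring the capture in the issue (identifiers are placeholders).
SAMPLE_LINE = ('<30>{"endpoint_id": "ep-0001", "severity": "low", "endpoint_type": "computer", '
               '"type": "Event::Endpoint::UpdateSuccess", "group": "UPDATING", '
               '"name": "Update succeeded", "rt": "2023-09-12T11:49:53.664Z", "dhost": "host-01"}')

if __name__ == "__main__":
    ev, md = parse_event(SAMPLE_LINE)
    print(ev["type"], md)  # Event::Endpoint::UpdateSuccess {'syslog_pri': 30, 'syslog_facility': 'daemon', 'syslog_severity': 'info'}
```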