我现在用logstash收集交换机日志,我们使用tcp的8514端口收集,其他的交换机都是正常的,但是有一台有问题,发现有版本差异,但是目前这个又没有办法升级。
原始日志如下:
Jan 24 17:39:44: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/33, changed state to down
但是在logstash上面看到
{"@timestamp":"2018-01-24T09:18:20.155Z","port":51713,"@version":"1","host":"10.60.185.9","message":"\u001D\r","type":"syslog-cisco","Location":"RCBC","tags":["_grokparsefailure"]}
可以看到message里面信息很奇怪,不知道有没有碰到过这个问题
原始日志如下:
Jan 24 17:39:44: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/33, changed state to down
但是在logstash上面看到
{"@timestamp":"2018-01-24T09:18:20.155Z","port":51713,"@version":"1","host":"10.60.185.9","message":"\u001D\r","type":"syslog-cisco","Location":"RCBC","tags":["_grokparsefailure"]}
可以看到message里面信息很奇怪,不知道有没有碰到过这个问题
0 个回复