I've been struggling epically to export legible logs from my Meraki devices to a server running Syslog-NG OSE 3.30. No matter what source driver I use on the server, I see errors like this (identifying details changed): May 28 15:56:23 syslog-ng: Error processing log message: <134>1>@< 1622231783.881009670 HOSTNAME1 flows allow src=10.1.1.1 dst=10.2.1.1 mac=BLAH protocol=icmp type=0
May 28 15:56:23 syslog-ng: Error processing log message: <134>1>@< 1622231783.857281611 HOSTNAME2 flows allow src=10.1.1.2 dst=10.2.1.2 mac=BLAH protocol=icmp type=0 Is this a Meraki compliance problem with RFC3164 or RFC5424? Or just a message formatting idiosyncrasy? Does it mean that I have to parse Meraki syslog messages specially on my Syslog-NG server with an XML file in patterndb? If so, can anyone point to an example of one that I can look at? Thanks!
... View more