You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Logstash version: 7.12.0
Logstash source: RPM
Running as a service
Plugin installed with Logstash
OpenJDK Runtime Environment (build 1.8.0_282-b08)
Linux aws-logstashd1 3.10.0-1160.21.1.el7.x86_64 #1 SMP Tue Mar 16 18:28:22 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
The syslog input plugin puts the remote syslog sender name or address into the host field. In fact this should go into agent.name according to ECS. The value for host.name (note - NOT host as currently done) should come from the hostname portion of the syslog text.
For example, if I simulate sending the plugin some sample text from the local system:
nc 127.0.0.1 5140
<11>1 2021-05-06T15:34:17+01:00 SERVER1 validuser - - [meta sequenceId="90"] User [email protected] Login failed - Invalid user/password
The plugin creates:
host: LOCALHOST
message: User [email protected] Login failed - Invalid user/password
...
Where it should create:
agent.name: LOCALHOST
host.name: SERVER1
message: User [email protected] Login failed - Invalid user/password
...
The text was updated successfully, but these errors were encountered:
Logstash version: 7.12.0
Logstash source: RPM
Running as a service
Plugin installed with Logstash
OpenJDK Runtime Environment (build 1.8.0_282-b08)
Linux aws-logstashd1 3.10.0-1160.21.1.el7.x86_64 #1 SMP Tue Mar 16 18:28:22 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
The syslog input plugin puts the remote syslog sender name or address into the host field. In fact this should go into agent.name according to ECS. The value for host.name (note - NOT host as currently done) should come from the hostname portion of the syslog text.
For example, if I simulate sending the plugin some sample text from the local system:
nc 127.0.0.1 5140
<11>1 2021-05-06T15:34:17+01:00 SERVER1 validuser - - [meta sequenceId="90"] User [email protected] Login failed - Invalid user/password
The plugin creates:
host: LOCALHOST
message: User [email protected] Login failed - Invalid user/password
...
Where it should create:
agent.name: LOCALHOST
host.name: SERVER1
message: User [email protected] Login failed - Invalid user/password
...
The text was updated successfully, but these errors were encountered: