This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Ingesting a generic Syslog RFC 5424 into Chronicle?

Posted on 04-22-2023 09:10 AM
kbprogrammer
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi. I've got a RFC 5424 Syslog message I am attempting to ingest into Google Chronicle using the REST ingestion API.  The vendor is Mako Networks. I do not see a parser for this particular vendor listed here (https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers). 

Is there a vendor neutral Syslog parser for Chronicle? Do I need to convert this to UDM? Any guidance would be greatly appreciated? 

Solved Solved
0 2 843
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
kbprogrammer
Bronze 1
Bronze 1
In response to Rene_Figueroa
Reply posted on --/--/---- --:-- AM

Hi! I did some research and the Mako Network logs conforms to the Netfilter spec (https://www.netfilter.org/) and luckily, there is a NETFILTER_IP parser already written. I had to do some debugging and formatting of the original syslog message coming from the mako devices before sending it to Chronicle as the Grok parser would fail to parse.

View solution in original post

Jump to Solution
0 Likes
2 REPLIES 2
Top Solution Authors
View all