Hi everyone, I'm trying to send pihole.log to my syslog-ng server through a Splunk universal forwarder. Why through a UF? Because at the end I wanna have the logs in my Splunk environment.
Details about my system:
I configured following files:
inputs.conf
[monitor:///var/log/pihole.log]
disabled = false
sourcetype = pihole:log
output.conf
[tcpout]
defaultGroup = default-autolb-group
[tcpout:default-autolb-group]
server = 10.20.30.15:514
[tcpout-server://10.20.30.15:514]
props.conf
[dnsmasq]
NO_BINARY_CHECK = true
DATETIME_CONFIG =
TIME_FORMAT = %b %d %H:%M:%S
The issue I'm gonna get is that the log file on the syslog side looks like this:
Dec 22 12:58:04 10.20.30.5 @
Dec 22 12:58:04 10.20.30.5
Dec 22 12:58:04 10.20.30.5 __s2s_capabilities
Dec 22 12:58:04 10.20.30.5 ack=0;compression=0
Dec 22 12:58:04 10.20.30.5 _raw
Dec 22 12:58:24 10.20.30.5 --splunk-cooked-mode-v3--
Dec 22 12:58:24 10.20.30.5 pihole
Dec 22 12:58:24 10.20.30.5 8089
Dec 22 12:58:24 10.20.30.5 @
Dec 22 12:58:24 10.20.30.5
Dec 22 12:58:24 10.20.30.5 __s2s_capabilities
Dec 22 12:58:24 10.20.30.5 ack=0;compression=0
Dec 22 12:58:24 10.20.30.5 _raw
which is not really much.
Do you have a hint for me to solve this issue? I'd be very happy.
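
Added example (not part of the original post): a Python check that can be run over the receiving syslog server's log file to spot senders speaking Splunk's forwarder protocol (S2S, "cooked" data) to a plain syslog port, using the marker strings visible in the output above. The sample lines, the second sender address and the function names are constructed for illustration.

```python
import re

# Constructed sample in the receiver-side layout shown in the post
# (timestamp, sender, message). The last line is a constructed normal event.
SAMPLE = """\
Dec 22 12:58:04 10.20.30.5 __s2s_capabilities
Dec 22 12:58:04 10.20.30.5 ack=0;compression=0
Dec 22 12:58:04 10.20.30.5 _raw
Dec 22 12:58:24 10.20.30.5 --splunk-cooked-mode-v3--
Dec 22 12:58:24 10.20.30.5 pihole
Dec 22 12:58:25 10.20.30.9 dnsmasq[411]: query[A] example.test from 10.20.30.77
"""

LINE = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) ?(.*)$")

# Marker strings taken from the output in the post.
MARKERS = {
    "signature": re.compile(r"--splunk-cooked-mode-v\d+--"),
    "capabilities": re.compile(r"__s2s_capabilities"),
    "capability_values": re.compile(r"^ack=\d+;compression=\d+"),
    "field_key": re.compile(r"^_raw$"),
}

def find_cooked_senders(text):
    """Map each sender to the S2S handshake fragments seen in its lines."""
    hits = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, sender, msg = m.groups()
        matched = {name for name, rx in MARKERS.items() if rx.search(msg)}
        if not matched:
            continue
        entry = hits.setdefault(
            sender, {"markers": set(), "first_seen": ts, "lines": 0})
        entry["markers"] |= matched
        entry["lines"] += 1
    return hits

def confirmed(hits):
    """Senders with the protocol signature, or two or more weaker markers."""
    return sorted(s for s, e in hits.items()
                  if "signature" in e["markers"] or len(e["markers"]) >= 2)

if __name__ == "__main__":
    for sender in confirmed(find_cooked_senders(SAMPLE)):
        print(f"{sender}: Splunk cooked (S2S) data arriving on a syslog input")
```

A sender flagged here is a Splunk forwarder whose tcpout group points at the syslog port. In outputs.conf, `sendCookedData = false` in the tcpout group stanza makes the forwarder send raw events instead of cooked data.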