Hi  @Enkidu77 

Does the controller generate logs correctly? 

If you downgrade to the official version 5.14.26.1, will the issue disappear?

  @Vincent-TP in doing a little more investigation, it seems the messages are being consumed, but the format has changed.  The source and timestamp information is not properly sent as seen below.  

I can work around this partially by configuring a separate Graylog input just for the Omada controller, but without more significant pipeline or pattern configuration I can't easily reformat the incoming information with the correct source and timestamp.  It seems the beta versions of the controller have switched to a different output format -- it would be helpful to understand what changes were made and why.  No configuration adjustment was required with the pre-beta version of the controller, and the same syslog input worked across all my devices and servers.  It is not ideal to have to configure a separate input or additional Graylog configuration because of this change.  

  @Enkidu77 

Thank you for the information.

For a comparison, would you please share an example of the logs from the old controllers?

  @Vincent-TP sure, see below.  Note that before the issue began with the beta controller, the logs were separated out by whether they came from global logging or site logging (Home is the name of my homelab network).  They were also properly formatted with date and time.

Hi  @Enkidu77 

From this version, we have modified the time format. It has been changed from "{year-month-day T hour:minute:second.millisecond}" to "{year-month-day (space) hour:minute:second}.

Before:

Now: 

Please modify the matching rule accordingly and see if the issue persist.

  @Vincent-TP Hi Vincent, I will test this in the next day or two and let you know. Thanks for the update.