Hi,

We are receiving Cisco ACI System Messages via our syslog infrastructure. I have looked at the Cisco ACI Add-On to get the correct sourcetype and parsing, but nothing seems to match any of the patterns of the data.

Example data:

2021-09-13T06:52:21.666000+02:00 ACI-xxxxx-APIC001 %LOG_-3-SYSTEM_MSG [F1547][raised_clearing][packets-dropped][major][dbgs/ac/svpcpath-115-116-to-167/fault-F1547] 100% of packets were received in excess during the last collection interval
2021-09-13T06:52:21.663000+02:00 ACI-xxxxx-APIC001 %LOG_-3-SYSTEM_MSG [F1545][raised][packets-dropped][major][dbgs/ac/dvpcpath-167-to-117-118/fault-F1545] 100% of packets were dropped during the last collection interval
2021-09-13T06:51:53.326000+02:00 ACI-xxxx-APIC001 %LOG_-3-SYSTEM_MSG [F1547][raised_clearing][packets-dropped][major][dbgs/ac/svpcpath-117-118-to-167/fault-F1547] 100% of packets were received in excess during the last collection interval

What sourcetype should this be? Is there an app for this? What am I missing here in my thinking?