7 years ago
TCP Syslog?
Hey there,
is there any chance to have syslog on collector using also a TCP port?
Thanks,
petr
@Michael Rodrigues thanks for the update -- will try it out again once I have upgraded to the new version.
I was told this same thing by our CSM at the time, but the idea that Cisco syslog was somehow unsupported was very odd, and there is nothing in https://www.logicmonitor.com/support/eventsources/types-of-events/syslog-monitoring/ that mentions any specific RFC requirement. I am aware the newer https://tools.ietf.org/html/rfc5424 has definitions to allow for structured fields and this obsoletes the original https://tools.ietf.org/html/rfc3164, but certainly most devices out there like Cisco, HP, etc. still use 3164 so it was odd to hear "violates the RFC". Even then, RFC 5424 allows for 3164-style unstructured messages (where there are zero structured elements).
The impact of this on our attempts to leverage syslog eventsources was that we could not create working filters on the message field, which is traditionally one of very few fields you can expect in syslog messages. RFC 3164 fields (some, not all) continue to be the only ones you can define in the eventsource filter, so I am still unsure what RFC is being violated by Cisco:
With our SumoLogic setup, we are able to create all sorts of fields from regex matches so we have stuff like cisco_subsys, cisco_severity, etc. from the %XXX-M-XXX: string within messages, for example. I don't really see LM working for syslog in its current implementation, unfortunately. My goal has been to integrate with SumoLogic instead via their API.
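To make the point above concrete, here is an added example (not code from the original thread, LogicMonitor or SumoLogic) that parses both RFC 3164-style and RFC 5424 messages from the same `<PRI>` header, treats an RFC 5424 message whose structured-data slot is `-` as the plain unstructured case the RFC allows, and then pulls `cisco_subsys`, `cisco_severity` and `cisco_mnemonic` out of the `%FACILITY-SEVERITY-MNEMONIC:` token with a regex, which is the kind of message-field filter the post describes. The sample lines, hostnames and addresses are constructed, the field names are my own, and the RFC 5424 handling is simplified (structured-data values containing an escaped `]` are not handled, and the Cisco sequence number and timestamp prefix are left inside the message field):

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines, not captured from any real device.
SAMPLES = [
    # RFC 3164 style, as most IOS devices emit it (facility local7, severity 5)
    "<189>123: *Mar  1 00:12:34.567: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    # RFC 5424 with no structured data: "-" in the STRUCTURED-DATA slot
    "<165>1 2024-01-01T12:00:00Z edge-rtr1 ios - - - %SYS-5-CONFIG_I: Configured from console by admin on vty0",
    # RFC 5424 carrying one structured-data element
    '<34>1 2024-01-01T12:00:01Z host1 app 42 ID47 [exampleSDID@32473 iut="3"] '
    "%SEC-6-IPACCESSLOGP: list 101 denied tcp 10.0.0.5(1234) -> 10.0.0.9(22), 1 packet",
]

PRI_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<rest>.*)$", re.DOTALL)
# VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID SP STRUCTURED-DATA [SP MSG]
RFC5424_RE = re.compile(
    r"^1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[.*?\])+)(?: (?P<msg>.*))?$",
    re.DOTALL,
)
# Cisco message token: %FACILITY-SEVERITY-MNEMONIC:
CISCO_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):")


@dataclass
class SyslogEvent:
    pri: int
    facility: int            # PRI // 8
    severity: int            # PRI % 8
    rfc: str                 # "5424" or "3164"
    message: str             # the free-text message field
    host: Optional[str] = None
    structured_data: Optional[str] = None
    cisco_subsys: Optional[str] = None       # hypothetical field names, mirroring the post
    cisco_severity: Optional[int] = None
    cisco_mnemonic: Optional[str] = None


def parse_syslog(line: str) -> SyslogEvent:
    """Parse one syslog line; fall back to RFC 3164 when the RFC 5424 header does not match."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("missing <PRI> header")
    pri = int(m.group("pri"))
    if pri > 191:  # 23 facilities * 8 severities - 1
        raise ValueError("PRI out of range")
    facility, severity = divmod(pri, 8)
    rest = m.group("rest")

    m5 = RFC5424_RE.match(rest)
    if m5:
        sd = m5.group("sd")
        ev = SyslogEvent(pri, facility, severity, "5424", m5.group("msg") or "",
                         host=m5.group("host"),
                         structured_data=None if sd == "-" else sd)
    else:
        # RFC 3164: everything after <PRI> is treated as the message; no strict header parsing
        ev = SyslogEvent(pri, facility, severity, "3164", rest)

    mc = CISCO_RE.search(ev.message)
    if mc:
        ev.cisco_subsys = mc.group("facility")
        ev.cisco_severity = int(mc.group("severity"))
        ev.cisco_mnemonic = mc.group("mnemonic")
    return ev


def filter_events(lines: List[str], *, max_cisco_severity: Optional[int] = None,
                  message_contains: Optional[str] = None) -> List[SyslogEvent]:
    """A message-field filter of the kind the post asks for: keep events whose
    Cisco severity is at or below a threshold and/or whose message contains a substring."""
    out = []
    for line in lines:
        ev = parse_syslog(line)
        if message_contains is not None and message_contains not in ev.message:
            continue
        if max_cisco_severity is not None and (
                ev.cisco_severity is None or ev.cisco_severity > max_cisco_severity):
            continue
        out.append(ev)
    return out


if __name__ == "__main__":
    for ev in filter_events(SAMPLES, max_cisco_severity=5):
        print(ev.rfc, ev.cisco_subsys, ev.cisco_severity, ev.cisco_mnemonic)
```

Both formats end up with the same `message` field populated, so a filter written against it works regardless of whether the sender emits RFC 3164 or RFC 5424; the extra `host` and `structured_data` fields are simply `None` for the 3164 case.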