diff --git a/modules/openstack_project/files/logstash/logstash-worker1/jenkins-log-pusher.yaml b/modules/openstack_project/files/logstash/logstash-worker1/jenkins-log-pusher.yaml
index 47ed63b519..287bc3ff6d 100644
--- a/modules/openstack_project/files/logstash/logstash-worker1/jenkins-log-pusher.yaml
+++ b/modules/openstack_project/files/logstash/logstash-worker1/jenkins-log-pusher.yaml
@@ -30,4 +30,7 @@ source-files:
     tags:
       - screen
       - keystonefmt
-# TODO(clarkb) Add swift and syslog logs here.
+  - name: logs/syslog.txt
+    tags:
+      - syslog
+# TODO(clarkb) Add swift logs here.
diff --git a/modules/openstack_project/templates/logstash/indexer.conf.erb b/modules/openstack_project/templates/logstash/indexer.conf.erb
index 60f8739472..bd651b97e6 100644
--- a/modules/openstack_project/templates/logstash/indexer.conf.erb
+++ b/modules/openstack_project/templates/logstash/indexer.conf.erb
@@ -84,12 +84,20 @@ filter {
     pattern => [ "(?m)^\(\b%{NOTSPACE:module}\b\):%{SPACE}%{DATESTAMP:logdate}%{SPACE}(?<loglevel>AUDIT|CRITICAL|DEBUG|INFO|TRACE|WARNING|ERROR)%{SPACE}%{GREEDYDATA:logmessage}" ]
     add_field => [ "received_at", "%{@timestamp}" ]
   }
+  grok {
+    type => "jenkins"
+    tags => ["syslog"]
+    # Syslog grok filter adapted from
+    # http://cookbook.logstash.net/recipes/syslog-pri/syslog.conf
+    pattern => [ "%{SYSLOGTIMESTAMP:logdate}%{SPACE}%{SYSLOGHOST:syslog_host}?%{SPACE}%{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?:? %{GREEDYDATA:logmessage}" ]
+    add_field => [ "received_at", "%{@timestamp}" ]
+  }
 
   # Filters below here should be consistent for all Jenkins log formats.
   date {
     type => "jenkins"
     exclude_tags => "_grokparsefailure"
-    match => [ "logdate", "yyyy-MM-dd HH:mm:ss.SSS", "yyyy-MM-dd HH:mm:ss,SSS", "yyyy-MM-dd HH:mm:ss" ]
+    match => [ "logdate", "yyyy-MM-dd HH:mm:ss.SSS", "yyyy-MM-dd HH:mm:ss,SSS", "yyyy-MM-dd HH:mm:ss", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
   }
   mutate {
     type => "jenkins"