Hi! It's a pretty easy solution, there is a some details.
1. You need a logstash - download it from http://logstash.net, or find a
package for your OS
2. Next, create include in logstash's conf.d directory (in my case,
/etc/logstash/conf.d/some.conf), you can use something like this:
$ cat /etc/logstash/conf.d/sitecore.conf
input {
udp {
charset => "CP1252" # this is your input logs encoding
port => 20514 # logstash will listen this UDP port
buffer_size => 32768 # udp buffer size, e. g. i receive
long XMLs
}
}
# next block - some grok magic, read man @logstash.net
filter {
grok {
match => [ "message", "%{LOGLEVEL:severity}
\[(?<thread>.*)\] %{DOTNEWLINE:message}" ]
overwrite => [ "message" ]
patterns_dir => "/etc/logstash/patterns"
}
}
# and finally, send it to graylog2 gelf input (you may also specify port,
etc)
output {
gelf {
host => localhost
}
}
I use this config for IIS application logs that sends by log4net, maybe you
need to customise it.
3. Run GELF input in logstash
4. Run logstash
On Wednesday, July 30, 2014 5:17:46 PM UTC+4, ellyas ellyas wrote:
>
> Please explain in detail what is the solution? I have similiar problem. I
> pick up logs from win7x64rus. Russian symbols in string looks like that
>
>
--
You received this message because you are subscribed to the Google Groups
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
