[graylog2] Re: Graylog and field source as ip address

Mon, 13 Jul 2015 07:03:12 -0700 

FYI
     I fixed my problem was changing the input mode, so I replaced om_tcp 
by om_udp.

Thank you.

On Friday, July 10, 2015 at 5:46:39 AM UTC-3, Juan Andres Ramirez wrote:
>
> Hello guys,
>         I was searching the solution for my problem but I can't found the 
> answer.
>        I have a server with graylog version: 1.1.3, connected to other 
> server with Elasticsearch. I created a inputs type Raw/Plaintext TCP to get 
> RabbitMQ logs from a Windows server 2008.  The agent to get these logs is 
> Nxlog.
>        I recieved the logs as well, but the field source show me the ip 
> address and not the hostname.
>        I checked the server if got the dns from server, so I ran the 
> following commands for checking it:
>
> [root@localhost ~]# host 10.101.250.119
> 119.250.101.10.in-addr.arpa domain name pointer cviaddzw12.office.xxx.com.
> 119.250.101.10.in-addr.arpa domain name pointer cviaddzw12.datacenter.xxx.
> com.
> [root@localhost ~]# dig -x 10.101.250.119
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> -x 10.101.250.119
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10435
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;119.250.101.10.in-addr.arpa.   IN      PTR
>
> ;; ANSWER SECTION:
> 119.250.101.10.in-addr.arpa. 1200 IN    PTR     cviaddzw12.datacenter.xxx.
> com.
> 119.250.101.10.in-addr.arpa. 1200 IN    PTR     cviaddzw12.office.xxx.com.
>
> ;; Query time: 0 msec
> ;; SERVER: 10.101.1.52#53(10.101.1.52)
> ;; WHEN: Thu Jul  9 13:00:58 2015
> ;; MSG SIZE  rcvd: 125
>
>
>
> I think the problem isn't the resolv DNS.
>
> Configuration Nxlog (extract)
> define SERVER serverName
>
> <Extension fileop>
>     Module         xm_fileop
> </Extension>
>
> # Watch your own files.
> <Input rabbitmq>
>     Module im_file
>     File        'C:\\rabbitmq\\log\\rabbit.log'
>     SavePos     TRUE
>     Exec        $Hostname = '%SERVER%';
>     Exec        $Server = 'CVIADDZW12';
> </Input>
>
> <Output out>
>     Module      om_tcp
>     Host        10.101.81.190
>     Port        5555
> </Output>
>
> <Route 1>
>     Path        rabbitmq => out
> </Route>
>
> I tried create an other field named $Server, but isn't works too.
>
> Anyone has any idea?.
>
> Thank you very much.
>
>
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to