Because using Grok and extractors is a pain in the ass, GELF is more structured than syslog messages. I've shown you the message I receive from the syslog server; it has all kinds of information, and extracting the fields one by one is pretty complicated. Look at this:

cbv-w0033.production.infra {"EventTime": "2016-10-24 09:29:34","Hostname":"..-W0025......","Keywords":4611686052787126272,"EventType":"INFO","SeverityValue":2,"Severity":"INFO","EventID":100,"SourceName":"Microsoft-Windows-Diagnosis-DPS","ProviderGuid":"{6BBA3851-2C7E-4DEA-8F54-31E5AFD029E3}","Version":0,"Task":1,"OpcodeValue":12,"RecordNumber":524,"ActivityID":"{BBBA6034-2F3E-4F98-88DC-FB4F4AB0A74A}","ProcessID":1804,"ThreadID":5436,"Channel":"Microsoft-Windows-Diagnosis-DPS/Operational","Domain":"AUTORITE NT","AccountName":"SERVICE LOCAL","UserID":"S-1-5-19","AccountType":"Well Known Group","Message":"Le module de diagnostic {282396B2-6C46-4D66-B413-70B0445DF33C} (%SystemRoot%\\system32\\diagperf.dll) a détecté un problème pour le scénario {186F47EF-626C-4670-800A-4A30756BABAD}, instance {BBBA6034-2F3E-4F98-88DC-FB4F4AB0A74A}, ID d’activité d’origine {00000000-0000-0000-0000-000000000000}.","Category":"Cycle de vie du scénario","Opcode":"Un module de diagnostic a détecté un problème","ScenarioId":"{186F47EF-626C-4670-800A-4A30756BABAD}","InstanceId":"{BBBA6034-2F3E-4F98-88DC-FB4F4AB0A74A}","OriginalActivityId":"{00000000-0000-0000-0000-000000000000}","DiagnosticModuleImageName":"%SystemRoot%\\system32\\diagperf.dll","DiagnosticModuleId":"{282396B2-6C46-4D66-B413-70B0445DF33C}","EventReceivedTime":"2016-10-24 09:29:35","SourceModuleName":"in","SourceModuleType":"im_msvistalog"}#015

On Monday, 24 October 2016 09:49:16 UTC+2, Jochen Schalanda wrote:
>
> Hi,
>
> the instructions on the rsyslog website
> <http://www.rsyslog.com/doc/master/tutorials/gelf_forwarding.html> are
> unsurprisingly for rsyslog.
>
> But why exactly do you want to forward your syslog messages using the GELF
> protocol? You won't gain anything from it…
>
> Cheers,
> Jochen
>
> On Monday, 24 October 2016 09:26:38 UTC+2, Benbrahim Anass wrote:
>>
>> Hi everyone,
>> I'm wondering if it is possible to send rsyslog data via GELF to Graylog.
>> I saw this tutorial, but since I'm a newbie I don't know where to create that
>> template or any of that config:
>> http://www.rsyslog.com/doc/master/tutorials/gelf_forwarding.html
>> Hope someone can explain that to me.
>> Thanks in advance
>>
>> Cheers
>> Anas
>>
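
Added example, not part of the original thread or of any project's code: a Python sketch of the field extraction the message above asks about, turning a `<host> <json>#015` line into a GELF 1.1 dictionary. The sample line is constructed (shortened, placeholder host, extra `id` key), and `syslog_json_to_gelf`, the UTC assumption for `EventTime` and the `_json_id` rename are choices made for this example.

```python
import json
import re
from datetime import datetime, timezone

# rsyslog writes control characters as #NNN (octal); the trailing #015 is a CR.
CTRL_ESCAPE = re.compile(r"(?:#[0-3][0-7]{2})+$")
# NXLog SeverityValue (1=DEBUG .. 5=CRITICAL) mapped to the syslog level GELF uses.
NXLOG_TO_SYSLOG = {1: 7, 2: 6, 3: 4, 4: 3, 5: 2}

# Constructed sample: same shape as the record in the message, shortened, with a
# placeholder host and an extra "id" key to exercise the reserved-name case.
SAMPLE = ('host01.example {"EventTime": "2016-10-24 09:29:34","SeverityValue":2,'
          '"EventID":100,"Channel":"Microsoft-Windows-Diagnosis-DPS/Operational",'
          '"Message":"diagperf.dll detected a problem","id":7}#015')


def syslog_json_to_gelf(line):
    """Convert '<host> <json>#015' to a GELF 1.1 dict; None if no valid JSON object."""
    host, _, payload = CTRL_ESCAPE.sub("", line.strip()).partition(" ")
    if not payload.startswith("{"):
        return None
    try:
        event = json.loads(payload)
    except json.JSONDecodeError:
        return None  # truncated or malformed payload: keep the raw line instead
    sev = event.pop("SeverityValue", None)
    gelf = {
        "version": "1.1",
        "host": host,
        "short_message": str(event.pop("Message", "")) or payload[:120],
        "level": NXLOG_TO_SYSLOG.get(sev, 6) if isinstance(sev, int) else 6,
    }
    try:
        # Assumption: EventTime is UTC; the record carries no zone information.
        when = datetime.strptime(event.pop("EventTime", ""), "%Y-%m-%d %H:%M:%S")
        gelf["timestamp"] = when.replace(tzinfo=timezone.utc).timestamp()
    except (ValueError, TypeError):
        pass  # no usable time: the receiver stamps the message on arrival
    for key, value in event.items():
        # GELF additional fields: "_" prefix, names limited to word chars, "." and "-"
        name = "_" + re.sub(r"[^\w.\-]", "_", key, flags=re.ASCII)
        if name == "_id":  # "_id" is not allowed as a GELF additional field
            name = "_json_id"
        gelf[name] = value if isinstance(value, (int, float)) else str(value)
    return gelf


if __name__ == "__main__":
    print(json.dumps(syslog_json_to_gelf(SAMPLE), indent=2))
```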