Try parsing them. I use a JSON template to do that if it's only a syslog type 
of logs.

Create a file /etc/rsyslog.d/toto.conf

# msg and rawmsg carry sender-controlled text, so both use format="json"
# to keep every emitted line valid JSON.
template(name="json-template"
  type="list") {
    constant(value="{")
      constant(value="\"@timestamp\":\"")        property(name="timereported" dateFormat="rfc3339")
      constant(value="\",\"@version\":\"1")
      constant(value="\",\"message\":\"")        property(name="msg" format="json")
      constant(value="\",\"sysloghost\":\"")     property(name="hostname")
      constant(value="\",\"severity_label\":\"") property(name="syslogseverity-text")
      constant(value="\",\"severity\":\"")       property(name="syslogseverity-text")
      constant(value="\",\"facility\":\"")       property(name="syslogfacility-text")
      constant(value="\",\"programname\":\"")    property(name="programname")
      constant(value="\",\"rawmsg\":\"")         property(name="rawmsg" format="json")
      constant(value="\",\"procid\":\"")         property(name="procid")
    constant(value="\"}\n")
}


*.* @@ur_server:Port;json-template


On Wednesday, December 14, 2016 at 15:59:01 UTC+1, secte...@gmail.com wrote:
>
> Actually I see data received in Graylog Web Interface - but it shows like 
> the "Source" field is not the actual IP address of the server sending the 
> Syslog data, but source represents some function on the server, and not the 
> server IP, so I am not able to do filtering based on Source (IP) - any 
> rules that can be set up in Graylog to make sure the Source is the IP 
> address of the server?
>
> Thanks.
>
> On Wednesday, December 14, 2016 at 3:10:16 PM UTC+1, Benbrahim Anass wrote:
>>
>> Hi
>> Make sure your logs are coming to the Graylog by receiving them first on 
>> syslog.
>> Cheers
>>
>> Anas
>>
>> On Wednesday, December 14, 2016 at 15:05:51 UTC+1, secte...@gmail.com wrote:
>>>
>>>
>>> Hi,
>>>
>>> Syslog data is not received correctly by Graylog - as it can not show 
>>> data from specific source.
>>>
>>> If I do a Wireshark trace on the Graylog server, I see the Syslog 
>>> messages are sent correctly from specific server to the Graylog server - 
>>> but data is not shown in Graylog web interface ? Any ideas?
>>>
>>> Running Graylog 2.1.2 on Ubuntu 14.04
>>>
>>> Thanks.
>>>
>>>
>>>
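
A check for the JSON lines that a template like the one in this reply produces, added here as an example and not part of the original post. render() is a simplified model of a list template (constants and property values concatenated as text, with json.dumps standing in for format="json"), check_line() flags received lines that are not valid JSON or that repeat a key, and the sample record is constructed.

```python
import json

# (JSON key, rsyslog property) for the property-backed fields of json-template.
FIELDS = [
    ("@timestamp", "timereported"), ("message", "msg"),
    ("sysloghost", "hostname"), ("severity_label", "syslogseverity-text"),
    ("severity", "syslogseverity-text"), ("facility", "syslogfacility-text"),
    ("programname", "programname"), ("rawmsg", "rawmsg"), ("procid", "procid"),
]

# Constructed sample record; the quoted user name is what breaks unescaped fields.
SAMPLE = {
    "timereported": "2016-12-14T15:59:01+01:00", "hostname": "web01",
    "syslogseverity-text": "warning", "syslogfacility-text": "auth",
    "programname": "sshd", "procid": "812",
    "msg": ' login failed for "bob"',
    "rawmsg": '<36>Dec 14 15:59:01 web01 sshd[812]: login failed for "bob"',
}

def render(props, escaped):
    """Simplified model of a list template: plain text concatenation."""
    parts = []
    for key, prop in FIELDS:
        value = props[prop]
        if prop in escaped:
            # Assumption: json.dumps stands in for rsyslog's format="json".
            value = json.dumps(value)[1:-1]
        parts.append('"%s":"%s"' % (key, value))
    return "{" + ",".join(parts) + "}"

def check_line(line):
    """Return the problems found in one received line ([] means clean)."""
    dupes = []
    def pairs(items):
        keys = [k for k, _ in items]
        dupes.extend(sorted({k for k in keys if keys.count(k) > 1}))
        return dict(items)
    try:
        json.loads(line, object_pairs_hook=pairs)
    except ValueError as exc:
        return ["invalid JSON: %s" % exc]
    return ["duplicate key: %s" % k for k in dupes]

if __name__ == "__main__":
    print(check_line(render(SAMPLE, {"msg"})))            # rawmsg left unescaped
    print(check_line(render(SAMPLE, {"msg", "rawmsg"})))  # both escaped
```

Running check_line() over lines captured on the receiving side shows whether any field still reaches Graylog unescaped.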
