Re: [graylog2] Re: Problem generating/loading chunked Gelf message in graylog2
Thanks Bernd, but we want to send log to graylog2 without modifying PHP
configuration or application. Could you write a very simple sample of
chunked message for graylog2 (in the official documentation there isn't any
sample of chunked message, personally I think it is not sufficiently
explained)
Thank you again.
Regards
Alberto
On Monday, March 2, 2015 at 1:54:53 PM UTC+1, Bernd Ahlers wrote:
>
> Hey,
>
> if you want to send GELF messages from your PHP application, you might
> want to look at https://github.com/bzikarsky/gelf-php/.
> This is a ready to use PHP GELF library which also supports chunking.
>
> Hope that helps!
>
> Regards,
> Bernd
>
> On 1 March 2015 at 19:31, Jesús Alberto Vidal Cortés
> > wrote:
> > Can anyone write a detailed sample of a a chunked message?
> >
> > Thank you very much
> >
> >
> > On Friday, February 27, 2015 at 6:32:46 PM UTC+1, Jesús Alberto Vidal
> Cortés
> > wrote:
> >>
> >> Hi, I'm trying to process with gawk a PHP log for loading it graylog2
> (I
> >> have many log lines really big). I'm not able of send the correct
> >> information to graylog2 input UDP 12200
> >>
> >> If I want to send the next log (is gelf formated) entry to graylog2
> using
> >> two chunks how could I do it? What information must have exactly each
> chunk?
> >>
> >> {\n \"version\": \"1.1\",\n \"host\":\"phcaeproma01\",\n
> >> \"short_message\":\"Chunked message\",\n \"timestamp\": 123455134,\n
> >> \"level\":1,\n \"_remote_addr\":\"10.1.104.57\",\n
> >> \"_idf\":\"987297342\",\n \"_process\":\"Process\",\n
> >> \"_uid\":\"9798742.938292\",\n \"_idcert\":\"9386101233\" \n}
> >>
> >> I'm able of loading this log line without using chunks (it's a simple
> log
> >> line sample) I'm trying to send the next two chunks to graylog2:
> >>
> >> 1.
> >> \x1e\x0f000102{\n \"version\": \"1.1\",\n
> >> \"host\":\"phcaeproma01\",\n \"short_message\":\"%s\",\n
> \"timestamp\":
> >> %d,\n \"level\":%d,\n \"_remote_addr\":\"%s\",\n \"_idf\":\"%s\",\n
> >> \"_process\":\"%s\",\n
> >>
> >> 2.
> >> \x1e\x0f000112\"_uid\":\"%s\",\n \"_idcert\":\"%s\" \n}
> >>
> >> and I obtain the next trace in graylog2 server log
> >>
> >> 2015-02-26 16:59:05,389 DEBUG:
> >> org.graylog2.plugin.inputs.transports.NettyTransport - More chunks
> necessary
> >> to complete this message
> >> 2015-02-26 16:59:05,390 DEBUG:
> >> org.graylog2.inputs.codecs.GelfChunkAggregator - Dumping GELF chunk map
> >> [chunks for 1 messages]:
> >> Message <3030303030303031> Chunks:
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> ID: 3030303030303031Sequence: 49/50 Arri
[graylog2] Re: Problem generating/loading chunked Gelf message in graylog2
Can anyone write a detailed sample of a a chunked message?
Thank you very much
On Friday, February 27, 2015 at 6:32:46 PM UTC+1, Jesús Alberto Vidal
Cortés wrote:
>
> Hi, I'm trying to process with gawk a PHP log for loading it graylog2 (I
> have many log lines really big). I'm not able of send the correct
> information to graylog2 input UDP 12200
>
> If I want to send the next log (is gelf formated) entry to graylog2 using
> two chunks how could I do it? What information must have exactly each chunk?
>
> {\n \"version\": \"1.1\",\n \"host\":\"phcaeproma01\",\n
> \"short_message\":\"Chunked message\",\n \"timestamp\": 123455134,\n
> \"level\":1,\n \"_remote_addr\":\"10.1.104.57\",\n
> \"_idf\":\"987297342\",\n \"_process\":\"Process\",\n
> \"_uid\":\"9798742.938292\",\n \"_idcert\":\"9386101233\" \n}
>
> I'm able of loading this log line without using chunks (it's a simple log
> line sample) I'm trying to send the next two chunks to graylog2:
>
> 1.
> *\x1e\x0f000102*{\n \"version\": \"1.1\",\n
> \"host\":\"phcaeproma01\",\n \"short_message\":\"%s\",\n \"timestamp\":
> %d,\n \"level\":%d,\n \"_remote_addr\":\"%s\",\n \"_idf\":\"%s\",\n
> \"_process\":\"%s\",\n
>
> 2.
> *\x1e\x0f000112*\"_uid\":\"%s\",\n \"_idcert\":\"%s\" \n}
>
> and I obtain the next trace in graylog2 server log
>
> *2015-02-26 16:59:05,389 DEBUG:
> org.graylog2.plugin.inputs.transports.NettyTransport - More chunks
> necessary to complete this message*
> *2015-02-26 16:59:05,390 DEBUG:
> org.graylog2.inputs.codecs.GelfChunkAggregator - Dumping GELF chunk map
> [chunks for 1 messages]:*
> *Message <3030303030303031> Chunks:*
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> **
> *ID: 3030303030303031Sequence: 49/50 Arrival:
> 1424966345389 Data size: 212*
> **
>
> *2015-02-26 16:59:05,390 DEBUG:
> org.graylog2.plugin.inputs.transports.NettyTransport - More chunks
> necessary to complete this message*
>
>
> What I'm doing wrong?
>
> I'm using the next sentences to send the information from gawk server to
> graylog2 server:
>
> printf "\x1e\x0f%s%c%c%s","0001",48,50,substr(v_cad,1,200) |&
> "/inet/udp/0/10.253.114.218/12200";
> printf "\x1e\x0f%s%c%c%s","0001",49,50,substr(v_cad,201) |&
> "/inet/udp/0/10.253.114.218/12200";
>
> Thank you very much for any help. It's very important to me be able of
> send a long message in chunks
>
--
You received this message because you are subscribed to the Google Groups
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[graylog2] Problem generating/loading chunked Gelf message in graylog2
Hi, I'm trying to process with gawk a PHP log for loading it graylog2 (I
have many log lines really big). I'm not able of send the correct
information to graylog2 input UDP 12200
If I want to send the next log (is gelf formated) entry to graylog2 using
two chunks how could I do it? What information must have exactly each chunk?
{\n \"version\": \"1.1\",\n \"host\":\"phcaeproma01\",\n
\"short_message\":\"Chunked message\",\n \"timestamp\": 123455134,\n
\"level\":1,\n \"_remote_addr\":\"10.1.104.57\",\n
\"_idf\":\"987297342\",\n \"_process\":\"Process\",\n
\"_uid\":\"9798742.938292\",\n \"_idcert\":\"9386101233\" \n}
I'm able of loading this log line without using chunks (it's a simple log
line sample) I'm trying to send the next two chunks to graylog2:
1.
*\x1e\x0f000102*{\n \"version\": \"1.1\",\n
\"host\":\"phcaeproma01\",\n \"short_message\":\"%s\",\n \"timestamp\":
%d,\n \"level\":%d,\n \"_remote_addr\":\"%s\",\n \"_idf\":\"%s\",\n
\"_process\":\"%s\",\n
2.
*\x1e\x0f000112*\"_uid\":\"%s\",\n \"_idcert\":\"%s\" \n}
and I obtain the next trace in graylog2 server log
*2015-02-26 16:59:05,389 DEBUG:
org.graylog2.plugin.inputs.transports.NettyTransport - More chunks
necessary to complete this message*
*2015-02-26 16:59:05,390 DEBUG:
org.graylog2.inputs.codecs.GelfChunkAggregator - Dumping GELF chunk map
[chunks for 1 messages]:*
*Message <3030303030303031> Chunks:*
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
*ID: 3030303030303031Sequence: 49/50 Arrival:
1424966345389 Data size: 212*
**
*2015-02-26 16:59:05,390 DEBUG:
org.graylog2.plugin.inputs.transports.NettyTransport - More chunks
necessary to complete this message*
What I'm doing wrong?
I'm using the next sentences to send the information from gawk server to
graylog2 server:
printf "\x1e\x0f%s%c%c%s","0001",48,50,substr(v_cad,1,200) |&
"/inet/udp/0/10.253.114.218/12200";
printf "\x1e\x0f%s%c%c%s","0001",49,50,substr(v_cad,201) |&
"/inet/udp/0/10.253.114.218/12200";
Thank you very much for any help. It's very important to me be able of send
a long message in chunks
--
You received this message because you are subscribed to the Google Groups
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
