Re: [graylog2] Re: Problem generating/loading chunked Gelf message in graylog2
You can find an example in the gelf-php project.
https://github.com/bzikarsky/gelf-php/blob/master/src/Gelf/Transport/UdpTransport.php#L106
Regards,
Bernd
On 2 March 2015 at 23:00, Jesús Alberto Vidal Cortés
jesusalberto.vidal@gmail.com wrote:
Thanks Bernd, but we want to send log to graylog2 without modifying PHP
configuration or application. Could you write a very simple sample of
chunked message for graylog2 (in the official documentation there isn't any
sample of chunked message, personally I think it is not sufficiently
explained)
Thank you again.
Regards
Alberto
On Monday, March 2, 2015 at 1:54:53 PM UTC+1, Bernd Ahlers wrote:
Hey,
if you want to send GELF messages from your PHP application, you might
want to look at https://github.com/bzikarsky/gelf-php/.
This is a ready to use PHP GELF library which also supports chunking.
Hope that helps!
Regards,
Bernd
On 1 March 2015 at 19:31, Jesús Alberto Vidal Cortés
jesusalbert...@gmail.com wrote:
Can anyone write a detailed sample of a a chunked message?
Thank you very much
On Friday, February 27, 2015 at 6:32:46 PM UTC+1, Jesús Alberto Vidal
Cortés
wrote:
Hi, I'm trying to process with gawk a PHP log for loading it graylog2
(I
have many log lines really big). I'm not able of send the correct
information to graylog2 input UDP 12200
If I want to send the next log (is gelf formated) entry to graylog2
using
two chunks how could I do it? What information must have exactly each
chunk?
{\n \version\: \1.1\,\n \host\:\phcaeproma01\,\n
\short_message\:\Chunked message\,\n \timestamp\: 123455134,\n
\level\:1,\n \_remote_addr\:\10.1.104.57\,\n
\_idf\:\987297342\,\n \_process\:\Process\,\n
\_uid\:\9798742.938292\,\n \_idcert\:\9386101233\ \n}
I'm able of loading this log line without using chunks (it's a simple
log
line sample) I'm trying to send the next two chunks to graylog2:
1.
\x1e\x0f000102{\n \version\: \1.1\,\n
\host\:\phcaeproma01\,\n \short_message\:\%s\,\n
\timestamp\:
%d,\n \level\:%d,\n \_remote_addr\:\%s\,\n \_idf\:\%s\,\n
\_process\:\%s\,\n
2.
\x1e\x0f000112\_uid\:\%s\,\n \_idcert\:\%s\ \n}
and I obtain the next trace in graylog2 server log
2015-02-26 16:59:05,389 DEBUG:
org.graylog2.plugin.inputs.transports.NettyTransport - More chunks
necessary
to complete this message
2015-02-26 16:59:05,390 DEBUG:
org.graylog2.inputs.codecs.GelfChunkAggregator - Dumping GELF chunk map
[chunks for 1 messages]:
Message 3030303030303031 Chunks:
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
ID: 3030303030303031Sequence: 49/50 Arrival:
1424966345389 Data size: 212
not arrived yet
2015-02-26 16:59:05,390 DEBUG:
org.graylog2.plugin.inputs.transports.NettyTransport - More chunks
necessary
to complete this message
What I'm doing wrong?
I'm using the next sentences to send the information from gawk server
to
graylog2 server:
printf \x1e\x0f%s%c%c%s,0001,48,50,substr(v_cad,1,200) |
/inet/udp/0/10.253.114.218/12200;
printf \x1e\x0f%s%c%c%s,0001,49,50,substr(v_cad,201) |
/inet/udp/0/10.253.114.218/12200;
Thank you very much for any help. It's very important to me be able of
send a long message in chunks
--
You received this message because you are subscribed to the Google
Re: [graylog2] Re: Problem generating/loading chunked Gelf message in graylog2
Thanks Bernd, but we want to send log to graylog2 without modifying PHP
configuration or application. Could you write a very simple sample of
chunked message for graylog2 (in the official documentation there isn't any
sample of chunked message, personally I think it is not sufficiently
explained)
Thank you again.
Regards
Alberto
On Monday, March 2, 2015 at 1:54:53 PM UTC+1, Bernd Ahlers wrote:
Hey,
if you want to send GELF messages from your PHP application, you might
want to look at https://github.com/bzikarsky/gelf-php/.
This is a ready to use PHP GELF library which also supports chunking.
Hope that helps!
Regards,
Bernd
On 1 March 2015 at 19:31, Jesús Alberto Vidal Cortés
jesusalbert...@gmail.com javascript: wrote:
Can anyone write a detailed sample of a a chunked message?
Thank you very much
On Friday, February 27, 2015 at 6:32:46 PM UTC+1, Jesús Alberto Vidal
Cortés
wrote:
Hi, I'm trying to process with gawk a PHP log for loading it graylog2
(I
have many log lines really big). I'm not able of send the correct
information to graylog2 input UDP 12200
If I want to send the next log (is gelf formated) entry to graylog2
using
two chunks how could I do it? What information must have exactly each
chunk?
{\n \version\: \1.1\,\n \host\:\phcaeproma01\,\n
\short_message\:\Chunked message\,\n \timestamp\: 123455134,\n
\level\:1,\n \_remote_addr\:\10.1.104.57\,\n
\_idf\:\987297342\,\n \_process\:\Process\,\n
\_uid\:\9798742.938292\,\n \_idcert\:\9386101233\ \n}
I'm able of loading this log line without using chunks (it's a simple
log
line sample) I'm trying to send the next two chunks to graylog2:
1.
\x1e\x0f000102{\n \version\: \1.1\,\n
\host\:\phcaeproma01\,\n \short_message\:\%s\,\n
\timestamp\:
%d,\n \level\:%d,\n \_remote_addr\:\%s\,\n \_idf\:\%s\,\n
\_process\:\%s\,\n
2.
\x1e\x0f000112\_uid\:\%s\,\n \_idcert\:\%s\ \n}
and I obtain the next trace in graylog2 server log
2015-02-26 16:59:05,389 DEBUG:
org.graylog2.plugin.inputs.transports.NettyTransport - More chunks
necessary
to complete this message
2015-02-26 16:59:05,390 DEBUG:
org.graylog2.inputs.codecs.GelfChunkAggregator - Dumping GELF chunk map
[chunks for 1 messages]:
Message 3030303030303031 Chunks:
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
ID: 3030303030303031Sequence: 49/50 Arrival:
1424966345389 Data size: 212
not arrived yet
2015-02-26 16:59:05,390 DEBUG:
org.graylog2.plugin.inputs.transports.NettyTransport - More chunks
necessary
to complete this message
What I'm doing wrong?
I'm using the next sentences to send the information from gawk server
to
graylog2 server:
printf \x1e\x0f%s%c%c%s,0001,48,50,substr(v_cad,1,200) |
/inet/udp/0/10.253.114.218/12200;
printf \x1e\x0f%s%c%c%s,0001,49,50,substr(v_cad,201) |
/inet/udp/0/10.253.114.218/12200;
Thank you very much for any help. It's very important to me be able of
send a long message in chunks
--
You received this message because you are subscribed to the Google
Groups
graylog2 group.
To unsubscribe from this group and stop receiving emails from it, send
an
email to
Re: [graylog2] Re: Problem generating/loading chunked Gelf message in graylog2
Hey,
if you want to send GELF messages from your PHP application, you might
want to look at https://github.com/bzikarsky/gelf-php/.
This is a ready to use PHP GELF library which also supports chunking.
Hope that helps!
Regards,
Bernd
On 1 March 2015 at 19:31, Jesús Alberto Vidal Cortés
jesusalberto.vidal@gmail.com wrote:
Can anyone write a detailed sample of a a chunked message?
Thank you very much
On Friday, February 27, 2015 at 6:32:46 PM UTC+1, Jesús Alberto Vidal Cortés
wrote:
Hi, I'm trying to process with gawk a PHP log for loading it graylog2 (I
have many log lines really big). I'm not able of send the correct
information to graylog2 input UDP 12200
If I want to send the next log (is gelf formated) entry to graylog2 using
two chunks how could I do it? What information must have exactly each chunk?
{\n \version\: \1.1\,\n \host\:\phcaeproma01\,\n
\short_message\:\Chunked message\,\n \timestamp\: 123455134,\n
\level\:1,\n \_remote_addr\:\10.1.104.57\,\n
\_idf\:\987297342\,\n \_process\:\Process\,\n
\_uid\:\9798742.938292\,\n \_idcert\:\9386101233\ \n}
I'm able of loading this log line without using chunks (it's a simple log
line sample) I'm trying to send the next two chunks to graylog2:
1.
\x1e\x0f000102{\n \version\: \1.1\,\n
\host\:\phcaeproma01\,\n \short_message\:\%s\,\n \timestamp\:
%d,\n \level\:%d,\n \_remote_addr\:\%s\,\n \_idf\:\%s\,\n
\_process\:\%s\,\n
2.
\x1e\x0f000112\_uid\:\%s\,\n \_idcert\:\%s\ \n}
and I obtain the next trace in graylog2 server log
2015-02-26 16:59:05,389 DEBUG:
org.graylog2.plugin.inputs.transports.NettyTransport - More chunks necessary
to complete this message
2015-02-26 16:59:05,390 DEBUG:
org.graylog2.inputs.codecs.GelfChunkAggregator - Dumping GELF chunk map
[chunks for 1 messages]:
Message 3030303030303031 Chunks:
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
not arrived yet
ID: 3030303030303031Sequence: 49/50 Arrival:
1424966345389 Data size: 212
not arrived yet
2015-02-26 16:59:05,390 DEBUG:
org.graylog2.plugin.inputs.transports.NettyTransport - More chunks necessary
to complete this message
What I'm doing wrong?
I'm using the next sentences to send the information from gawk server to
graylog2 server:
printf \x1e\x0f%s%c%c%s,0001,48,50,substr(v_cad,1,200) |
/inet/udp/0/10.253.114.218/12200;
printf \x1e\x0f%s%c%c%s,0001,49,50,substr(v_cad,201) |
/inet/udp/0/10.253.114.218/12200;
Thank you very much for any help. It's very important to me be able of
send a long message in chunks
--
You received this message because you are subscribed to the Google Groups
graylog2 group.
To unsubscribe from this group and stop receiving emails from it, send an
email to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Developer
Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078
TORCH GmbH - A Graylog company
Steckelhörn 11
20457 Hamburg
Germany
Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Geschäftsführer: Lennart Koopmann (CEO)
--
You received this message because you are subscribed to the Google Groups
graylog2 group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: Problem generating/loading chunked Gelf message in graylog2
Can anyone write a detailed sample of a a chunked message?
Thank you very much
On Friday, February 27, 2015 at 6:32:46 PM UTC+1, Jesús Alberto Vidal
Cortés wrote:
Hi, I'm trying to process with gawk a PHP log for loading it graylog2 (I
have many log lines really big). I'm not able of send the correct
information to graylog2 input UDP 12200
If I want to send the next log (is gelf formated) entry to graylog2 using
two chunks how could I do it? What information must have exactly each chunk?
{\n \version\: \1.1\,\n \host\:\phcaeproma01\,\n
\short_message\:\Chunked message\,\n \timestamp\: 123455134,\n
\level\:1,\n \_remote_addr\:\10.1.104.57\,\n
\_idf\:\987297342\,\n \_process\:\Process\,\n
\_uid\:\9798742.938292\,\n \_idcert\:\9386101233\ \n}
I'm able of loading this log line without using chunks (it's a simple log
line sample) I'm trying to send the next two chunks to graylog2:
1.
*\x1e\x0f000102*{\n \version\: \1.1\,\n
\host\:\phcaeproma01\,\n \short_message\:\%s\,\n \timestamp\:
%d,\n \level\:%d,\n \_remote_addr\:\%s\,\n \_idf\:\%s\,\n
\_process\:\%s\,\n
2.
*\x1e\x0f000112*\_uid\:\%s\,\n \_idcert\:\%s\ \n}
and I obtain the next trace in graylog2 server log
*2015-02-26 16:59:05,389 DEBUG:
org.graylog2.plugin.inputs.transports.NettyTransport - More chunks
necessary to complete this message*
*2015-02-26 16:59:05,390 DEBUG:
org.graylog2.inputs.codecs.GelfChunkAggregator - Dumping GELF chunk map
[chunks for 1 messages]:*
*Message 3030303030303031 Chunks:*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*not arrived yet*
*ID: 3030303030303031Sequence: 49/50 Arrival:
1424966345389 Data size: 212*
*not arrived yet*
*2015-02-26 16:59:05,390 DEBUG:
org.graylog2.plugin.inputs.transports.NettyTransport - More chunks
necessary to complete this message*
What I'm doing wrong?
I'm using the next sentences to send the information from gawk server to
graylog2 server:
printf \x1e\x0f%s%c%c%s,0001,48,50,substr(v_cad,1,200) |
/inet/udp/0/10.253.114.218/12200;
printf \x1e\x0f%s%c%c%s,0001,49,50,substr(v_cad,201) |
/inet/udp/0/10.253.114.218/12200;
Thank you very much for any help. It's very important to me be able of
send a long message in chunks
--
You received this message because you are subscribed to the Google Groups
graylog2 group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
