[graylog2] Re: use logstash + gelf to send logs to graylog

2016-10-26 Thread Benbrahim Anass
I don't think so,
I just started using it, so..

cheers
anas

On Wednesday, 26 October 2016 14:37:44 UTC+2, GambitK wrote:
>
> Wasn't there an update for logstash-gelf that added TCP? I think I saw it
> recently in the Graylog Twitter.
>
> On Wednesday, 26 October 2016, 3:46:30 (UTC-4), Benbrahim Anass wrote:
>>
>> Problem fixed, apparently logstash/gelf only works with UDP.
>> It would be nice if they mentioned that somewhere.
>>
>> cheers
>> Anas
>>
>> On Tuesday, 25 October 2016 13:19:51 UTC+2, Benbrahim Anass wrote:
>>>
>>> I'm wondering if it is possible to send logs via logstash/gelf to
>>> Graylog2. If it is, I'm gonna need an example of a logstash output via GELF.
>>>
>>> Thanks 
>>> cheers 
>>> anas
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/ac179969-6f17-4575-abbb-91f6a080547d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] Re: use logstash + gelf to send logs to graylog

2016-10-26 Thread Jochen Schalanda
Hi,

On Wednesday, 26 October 2016 14:37:44 UTC+2, GambitK wrote:
>
> Wasn't there an update for logstash-gelf that added TCP? I think I saw it
> recently in the Graylog Twitter.
>

https://github.com/logstash-plugins/logstash-output-gelf/issues/1

Cheers,
Jochen 



[graylog2] Re: use logstash + gelf to send logs to graylog

2016-10-26 Thread GambitK
Wasn't there an update for logstash-gelf that added TCP? I think I saw it
recently in the Graylog Twitter.

On Wednesday, 26 October 2016, 3:46:30 (UTC-4), Benbrahim Anass wrote:
>
> Problem fixed, apparently logstash/gelf only works with UDP.
> It would be nice if they mentioned that somewhere.
>
> cheers
> Anas
>
> On Tuesday, 25 October 2016 13:19:51 UTC+2, Benbrahim Anass wrote:
>>
>> I'm wondering if it is possible to send logs via logstash/gelf to
>> Graylog2. If it is, I'm gonna need an example of a logstash output via GELF.
>>
>> Thanks 
>> cheers 
>> anas
>>
>



[graylog2] Re: use logstash + gelf to send logs to graylog

2016-10-26 Thread Benbrahim Anass
Problem fixed, apparently logstash/gelf only works with UDP.
It would be nice if they mentioned that somewhere.

cheers
Anas

On Tuesday, 25 October 2016 13:19:51 UTC+2, Benbrahim Anass wrote:
>
> I'm wondering if it is possible to send logs via logstash/gelf to
> Graylog2. If it is, I'm gonna need an example of a logstash output via GELF.
>
> Thanks 
> cheers 
> anas
>

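Added example, not part of the thread and not Graylog or Logstash code: because the logstash GELF output discussed above sends UDP datagrams, looking for a TCP connection on port 12201 shows nothing. This stand-alone decoder and listener shows what such datagrams contain (gzip, zlib or plain JSON, optionally chunked); the names `decode_gelf` and `GelfReceiver` and the bind address are assumptions made for the example.

```python
import gzip
import json
import socket
import zlib

CHUNK_MAGIC = b"\x1e\x0f"  # chunked GELF: magic, 8-byte message id, seq number, seq count
GZIP_MAGIC = b"\x1f\x8b"
REQUIRED = ("version", "host", "short_message")  # mandatory GELF fields

def decode_gelf(payload: bytes) -> dict:
    """Decode one complete GELF payload: gzip, zlib, or uncompressed JSON."""
    if payload[:2] == GZIP_MAGIC:
        payload = gzip.decompress(payload)
    elif payload[:1] == b"\x78":  # zlib stream header
        payload = zlib.decompress(payload)
    msg = json.loads(payload.decode("utf-8"))
    missing = [k for k in REQUIRED if k not in msg]
    if missing:
        raise ValueError(f"missing GELF fields: {missing}")
    return msg

class GelfReceiver:
    """Reassembles chunked datagrams; returns a dict once a message is complete."""
    def __init__(self):
        self.pending = {}  # message id -> {sequence number: chunk body}

    def feed(self, datagram: bytes):
        if datagram[:2] != CHUNK_MAGIC:
            return decode_gelf(datagram)
        if len(datagram) < 12 or not 0 < datagram[11] <= 128 or datagram[10] >= datagram[11]:
            raise ValueError("invalid chunk header")
        msg_id, seq, total = datagram[2:10], datagram[10], datagram[11]
        parts = self.pending.setdefault(msg_id, {})
        parts[seq] = datagram[12:]
        if len(parts) < total:
            return None  # still waiting for more chunks
        del self.pending[msg_id]
        return decode_gelf(b"".join(parts[i] for i in range(total)))

if __name__ == "__main__":
    # Assumed bind address; 12201/udp as in the thread. Run on a test host
    # (or with the Graylog input stopped) so the port is free.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", 12201))
    rx = GelfReceiver()
    while True:
        data, peer = sock.recvfrom(65535)
        msg = rx.feed(data)
        if msg:
            print(peer[0], msg["host"], msg["short_message"])
```
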


[graylog2] Re: use logstash + gelf to send logs to graylog

2016-10-26 Thread Benbrahim Anass
logstash_syslog.conf:

input {
  tcp {
    port => 514
    host => "127.0.0.1"
    type => syslog
    codec => "json"
  }
}

filter {
  # This replaces the host field (UDP source) with the host that generated the message (sysloghost)
  if [sysloghost] {
    mutate {
      replace => [ "host", "%{sysloghost}" ]
      remove_field => "sysloghost" # prune the field after successfully replacing "host"
    }
  }
}

output {
  gelf {
    sender => "%{@source_host}"
    host => "10.56.130.70"
    port => 12201
  }
}

logstash template:
template(name="ls_json" type="list" option.json="on")
  { constant(value="{")
    constant(value="\"@timestamp\":\"") property(name="timegenerated" dateFormat="rfc3339")
    constant(value="\",\"@version\":\"1")
    constant(value="\",\"message\":\"") property(name="msg")
    constant(value="\",\"host\":\"") property(name="fromhost")
    constant(value="\",\"host_ip\":\"") property(name="fromhost-ip")
    constant(value="\",\"my_environment\":\"Development")
    constant(value="\",\"my_project\":\"IPA")
    constant(value="\",\"my_use\":\"Auth")
    constant(value="\",\"logsource\":\"") property(name="fromhost")
    constant(value="\",\"severity_label\":\"") property(name="syslogseverity-text")
    constant(value="\",\"severity\":\"") property(name="syslogseverity")
    constant(value="\",\"facility_label\":\"") property(name="syslogfacility-text")
    constant(value="\",\"facility\":\"") property(name="syslogfacility")
    constant(value="\",\"program\":\"") property(name="programname")
    constant(value="\",\"pid\":\"") property(name="procid")
    constant(value="\",\"rawmsg\":\"") property(name="rawmsg")
    constant(value="\",\"syslogtag\":\"") property(name="syslogtag")
    constant(value="\"}\n")
  }



*.* @@127.0.0.1:514;ls_json




On Tuesday, 25 October 2016 15:43:15 UTC+2, Jochen Schalanda wrote:
>
> Hi,
>
> what kind of input did you create in Graylog and how did you configure it?
>
> I'm also not sure if you really want to have that TCP input in Logstash…
>
> FWIW, if you only want to read files and send their contents to Graylog, 
> I'd recommend using Filebeat or nxlog which can both be managed via the 
> Graylog Collector Sidecar.
>
>
> Cheers,
> Jochen
>
> On Tuesday, 25 October 2016 14:48:56 UTC+2, Benbrahim Anass wrote:
>>
>> Yeah, I already saw that,
>> here is my conf
>> input {
>>   tcp {
>>     type => "tcp"
>>     port => "12201"
>>   }
>>   file {
>>     path => "/var/log/messages"
>>     type => "rsyslog"
>>     start_position => "beginning"
>>   }
>> }
>>
>> output {
>>   gelf {
>>     host => "10.56.130.70"
>>     port => 12201
>>   }
>> }
>>

Logstash will allow me to use filters, that's the point from the beginning

>> but I don't see any connection on the port 12201 on the Graylog server.
>> The port is open, it's not that, nor the firewall.
>>
>> Any suggestions?
>> Thanks
>>
>> On Tuesday, 25 October 2016 14:31:00 UTC+2, Jochen Schalanda wrote:
>>>
>>> Hi,
>>>
>>> On Tuesday, 25 October 2016 13:19:51 UTC+2, Benbrahim Anass wrote:
>>>>
>>>> I'm wondering if it is possible to send logs via logstash/gelf to
>>>> Graylog2. If it is, I'm gonna need an example of a logstash output via GELF.
>>>>
>>>
>>> Of course that's possible.
>>>
>>> See 
>>> https://www.elastic.co/guide/en/logstash/2.4/plugins-outputs-gelf.html 
>>> for the relevant documentation.
>>>
>>> Cheers,
>>> Jochen 
>>>
>>



[graylog2] Re: use logstash + gelf to send logs to graylog

2016-10-25 Thread Jochen Schalanda
Hi,

what kind of input did you create in Graylog and how did you configure it?

I'm also not sure if you really want to have that TCP input in Logstash…

FWIW, if you only want to read files and send their contents to Graylog, 
I'd recommend using Filebeat or nxlog which can both be managed via the 
Graylog Collector Sidecar.


Cheers,
Jochen

On Tuesday, 25 October 2016 14:48:56 UTC+2, Benbrahim Anass wrote:
>
> Yeah, I already saw that,
> here is my conf
> input {
>   tcp {
>     type => "tcp"
>     port => "12201"
>   }
>   file {
>     path => "/var/log/messages"
>     type => "rsyslog"
>     start_position => "beginning"
>   }
> }
>
> output {
>   gelf {
>     host => "10.56.130.70"
>     port => 12201
>   }
> }
>
> but I don't see any connection on the port 12201 on the Graylog server.
> The port is open, it's not that, nor the firewall.
>
> Any suggestions?
> Thanks
>
> On Tuesday, 25 October 2016 14:31:00 UTC+2, Jochen Schalanda wrote:
>>
>> Hi,
>>
>> On Tuesday, 25 October 2016 13:19:51 UTC+2, Benbrahim Anass wrote:
>>>
>>> I'm wondering if it is possible to send logs via logstash/gelf to
>>> Graylog2. If it is, I'm gonna need an example of a logstash output via GELF.
>>>
>>
>> Of course that's possible.
>>
>> See 
>> https://www.elastic.co/guide/en/logstash/2.4/plugins-outputs-gelf.html 
>> for the relevant documentation.
>>
>> Cheers,
>> Jochen 
>>
>



[graylog2] Re: use logstash + gelf to send logs to graylog

2016-10-25 Thread Benbrahim Anass
Yeah, I already saw that,
here is my conf
input {
  tcp {
    type => "tcp"
    port => "12201"
  }
  file {
    path => "/var/log/messages"
    type => "rsyslog"
    start_position => "beginning"
  }
}

output {
  gelf {
    host => "10.56.130.70"
    port => 12201
  }
}

but I don't see any connection on the port 12201 on the Graylog server.
The port is open, it's not that, nor the firewall.

Any suggestions?
Thanks

On Tuesday, 25 October 2016 14:31:00 UTC+2, Jochen Schalanda wrote:
>
> Hi,
>
> On Tuesday, 25 October 2016 13:19:51 UTC+2, Benbrahim Anass wrote:
>>
>> I'm wondering if it is possible to send logs via logstash/gelf to
>> Graylog2. If it is, I'm gonna need an example of a logstash output via GELF.
>>
>
> Of course that's possible.
>
> See https://www.elastic.co/guide/en/logstash/2.4/plugins-outputs-gelf.html 
> for the relevant documentation.
>
> Cheers,
> Jochen 
>



[graylog2] Re: use logstash + gelf to send logs to graylog

2016-10-25 Thread Jochen Schalanda
Hi,

On Tuesday, 25 October 2016 13:19:51 UTC+2, Benbrahim Anass wrote:
>
> I'm wondering if it is possible to send logs via logstash/gelf to
> Graylog2. If it is, I'm gonna need an example of a logstash output via GELF.
>

Of course that's possible.

See https://www.elastic.co/guide/en/logstash/2.4/plugins-outputs-gelf.html 
for the relevant documentation.

Cheers,
Jochen 
