I believe something like this should be possible with drools rules
http://docs.graylog.org/en/1.2/pages/drools.html
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
I did something similar as a proof of concept but it was far from elegant.
In short:
1. Use nxlog to listen to a file and configure a rule that uses the date of the
log message and not the current date (which it would do if we don't create this
rule)
2. Use something that reads your log file(s)
I don't think graylog does any reverse DNS. How are you sending logs to
graylog?
Not sure what's going on but the devices are showing up as source
IP addresses instead of as hostnames. I set force rdns in the conf, and I
tested my reverse DNS and I fixed everything so it's matched up rdns vs
fwddns and still not working ...
I have set force_syslog_rdns = true but that did
On 03/12/15 07:17, Joi Owen wrote:
> One benefit of having separated inputs is that you can isolate unique
> extractors to only the input that provides the fields of interest,
> reducing the load of having to parse for those fields on log data
> arriving from unrelated sources.
>
The way I look at
One benefit of having separated inputs is that you can isolate unique
extractors to only the input that provides the fields of interest, reducing
the load of having to parse for those fields on log data arriving from
unrelated sources.
On Wed, Dec 2, 2015 at 10:40 AM, Sean McGurk
wrote:
> Thank
Thanks, Jochen,
I perhaps didn't make myself clear in my question - I have a number of
Graylog collectors running on different instances and my question was more
whether I should create a separate input on a distinct port for each of
these collectors or just create one input and have all the co
Hello All,
I'm new to graylog so bear with me if I'm asking a stupid question, but the
little bit of research I've done on this subject hasn't been as fruitful as
I've hoped. I have a syslog server with years of archived logs where the
logs are arranged under a directory structure like
/logs/$h
Working like a charm, thank you :)
On Wednesday, 2 December 2015 10:33:51 UTC+1, Jochen Schalanda wrote:
>
> Hi Alex,
>
> the Graylog Collector file input basically just reads in text files and
> sends them line-by-line to Graylog. It doesn't parse those lines in any
> way. If you want to use t
Hi Seán,
you cannot bind multiple inputs to the same port (or more precisely the
same IP address and port), so I guess you don't have a choice but to open
multiple ports for multiple inputs.
Cheers,
Jochen
On Tuesday, 1 December 2015 17:41:40 UTC+1, Sean McGurk wrote:
>
> Hi there,
>
> I have
Hi Alex,
the Graylog Collector file input basically just reads in text files and
sends them line-by-line to Graylog. It doesn't parse those lines in any
way. If you want to use the original timestamp of the log messages in your
file(s) as message timestamp in Graylog, you'll have to add one or