Howdy,

Has anybody done this? The GELF payload is not human readable.

The root problem is that I don't see a way to blacklist a host that suddenly decides to send me 5000 GELF packets per second (100x normal traffic), except by blocking it by IP address using iptables. I can capture packets into a PCAP file and look at them with Wireshark. From that I can get the probable IP address of the host, but the IP address is not in DNS and calls itself by a fake name in the GELF payload anyway. Once I can map the host name in GELF to an IP address, I can then block it with iptables.

Thanks,
-w
