We have vSphere 5.5 logs going to Graylog2 as well but ours go via a centralised Syslog server using rsyslogd and this works very well for us.
I would highly recommend this configuration for getting vSphere logs into Graylog2 for two reasons... 1. The aforementioned issues with the log formats not conforming to RFC standards. 2. Unless you have your logs on persistent storage (we run embedded on internal USB storage), then you will want a copy of your logs you can easily GZIP up and send to VMware Support if required. The centralised Syslog server has saved our bacon on a number of occasions for this reason alone. This is the rsyslogd config part for sending them on to Graylog2: # Template for Graylog2 format: $template GRAYLOGRFC5424,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msg%\n" *.* @<Graylog2 Host>:<Graylog2 Port>;GRAYLOGRFC5424 Hope that helps... Cheers, Pete On Wednesday, 21 January 2015 02:59:10 UTC+10, Richard Wall wrote: > > Hi All, > > > Has anyone found a solution to this yet. I'm having the exact same issue. > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
