Hi, I'm trying to process a PHP log with gawk in order to load it into graylog2 (I
have many really big log lines). I'm not able to send the correct
information to the graylog2 input UDP 12200.
If I want to send the following log entry (it is GELF formatted) to graylog2 using
two chunks, how could I do it? What information exactly must each chunk have?
{\n \"version\": \"1.1\",\n \"host\":\"phcaeproma01\",\n
\"short_message\":\"Chunked message\",\n \"timestamp\": 123455134,\n
\"level\":1,\n \"_remote_addr\":\"10.1.104.57\",\n
\"_idf\":\"987297342\",\n \"_process\":\"Process\",\n
\"_uid\":\"9798742.938292\",\n \"_idcert\":\"9386101233\" \n}
I'm able to load this log line without using chunks (it's a simple sample log
line). I'm trying to send the following two chunks to graylog2:
1.
*\x1e\x0f0000000102*{\n \"version\": \"1.1\",\n
\"host\":\"phcaeproma01\",\n \"short_message\":\"%s\",\n \"timestamp\":
%d,\n \"level\":%d,\n \"_remote_addr\":\"%s\",\n \"_idf\":\"%s\",\n
\"_process\":\"%s\",\n
2.
*\x1e\x0f0000000112*\"_uid\":\"%s\",\n \"_idcert\":\"%s\" \n}
and I obtain the following trace in the graylog2 server log:
*2015-02-26 16:59:05,389 DEBUG:
org.graylog2.plugin.inputs.transports.NettyTransport - More chunks
necessary to complete this message*
*2015-02-26 16:59:05,390 DEBUG:
org.graylog2.inputs.codecs.GelfChunkAggregator - Dumping GELF chunk map
[chunks for 1 messages]:*
*Message <3030303030303031> Chunks:*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* <not arrived yet>*
* ID: 3030303030303031 Sequence: 49/50 Arrival:
1424966345389 Data size: 212*
* <not arrived yet>*
*2015-02-26 16:59:05,390 DEBUG:
org.graylog2.plugin.inputs.transports.NettyTransport - More chunks
necessary to complete this message*
What am I doing wrong?
I'm using the following statements to send the information from the gawk server to
the graylog2 server:
printf "\x1e\x0f%s%c%c%s","00000001",48,50,substr(v_cad,1,200) |& "/inet/udp/0/10.253.114.218/12200";
printf "\x1e\x0f%s%c%c%s","00000001",49,50,substr(v_cad,201) |& "/inet/udp/0/10.253.114.218/12200";
Thank you very much for any help. It's very important to me to be able to send
a long message in chunks.
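The chunk header discussed in the post, as an added example that is not part of the original message: a GELF chunk carries the two magic bytes, an 8-byte message ID, then the sequence number and sequence count as single raw bytes (0 and 2 for the first of two chunks). The sketch is in Python rather than gawk; the function names and the sample message are constructed for illustration, and `reassemble` assumes all datagrams belong to one message.

```python
import json
import os
import struct

GELF_MAGIC = b"\x1e\x0f"           # chunk magic bytes, as used in the post
HEADER = struct.Struct("!2s8sBB")  # magic, message id, sequence number, sequence count
MAX_CHUNKS = 128                   # GELF limit on chunks per message


def make_chunks(payload: bytes, chunk_size: int, msg_id: bytes = None) -> list:
    """Split payload into GELF UDP chunks, each with a 12-byte binary header."""
    msg_id = msg_id or os.urandom(8)
    if len(msg_id) != 8:
        raise ValueError("message id must be exactly 8 bytes")
    parts = [payload[i:i + chunk_size] for i in range(0, len(payload), chunk_size)]
    if not 1 <= len(parts) <= MAX_CHUNKS:
        raise ValueError("payload needs %d chunks, limit is %d" % (len(parts), MAX_CHUNKS))
    # Sequence number is a raw byte starting at 0; count is a raw byte too.
    return [HEADER.pack(GELF_MAGIC, msg_id, seq, len(parts)) + part
            for seq, part in enumerate(parts)]


def parse_chunk(datagram: bytes):
    """Return (msg_id, seq, count, data) as a receiver reads the header."""
    magic, msg_id, seq, count = HEADER.unpack_from(datagram)
    if magic != GELF_MAGIC:
        raise ValueError("not a GELF chunk")
    return msg_id, seq, count, datagram[HEADER.size:]


def reassemble(datagrams):
    """Rebuild the payload, or return None while chunks are still missing."""
    slots, count = {}, None
    for d in datagrams:
        _, seq, count, data = parse_chunk(d)
        slots[seq] = data
    if count is None or set(slots) != set(range(count)):
        return None
    return b"".join(slots[i] for i in range(count))


# Constructed sample message using field names from the post.
SAMPLE = json.dumps({"version": "1.1", "host": "phcaeproma01",
                     "short_message": "Chunked message", "level": 1,
                     "_uid": "9798742.938292"}).encode()
# Header bytes as the post sends them: ASCII digits instead of raw bytes.
ASCII_HEADER_CHUNK = b"\x1e\x0f" + b"00000001" + b"02" + SAMPLE[:20]
```

Parsing `ASCII_HEADER_CHUNK` yields sequence number 48 and count 50, which is consistent with the 50-slot chunk map in the server log. In the gawk statements from the post, the binary form corresponds to passing 0 and 2 (then 1 and 2) to `%c` instead of 48/49 and 50.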