[graylog2] Configure fluentd to send static logs content to graylog

Roger Hill Thu, 30 Apr 2015 13:00:12 -0700

Hi all, am new to graylog2 and have successfully configured a few 
application servers (apache and tomcat), using rsyslog or fluentd, I want 
to use fluentd to send static logs to graylog ...


I am trying this configuration in /etc/td-agent.conf 


root@graylog:/etc/td-agent# tail -15 /etc/td-agent/td-agent.conf
<source local.**>
  type file
  path /root/eds_logs/*.edslog
  tag files.edslog
</source>
<match files.edslog>
  type copy
  <store>
    # type gelf
    host 0.0.0.0
    port 5555
    flush_interval 5s
  </store>
</match>

My Graylog2 input is set to : 

   - recv_buffer_size: 1048576
   - port: 5555
   - tls_key_file: 
   - tls_key_password: *******
   - max_message_size: 2097152
   - override_source: 
   - bind_address: 0.0.0.0
   - tls_cert_file: 

Getting this message in td-agent.log ... 

==> /var/log/td-agent/td-agent.log <==
2015-04-30 05:47:27 +0000 graylog2.daemon.info: 
{"host":"graylog","ident":"dhclient","message":"DHCPACK of 10.8.2.118 from 
10.8.2.1"}
2015-04-30 05:47:27 +0000 graylog2.daemon.info: 
{"host":"graylog","ident":"dhclient","message":"bound to 10.8.2.118 -- 
renewal in 1655 seconds."}
2015-04-30 06:15:02 +0000 graylog2.daemon.info: 
{"host":"graylog","ident":"dhclient","message":"DHCPREQUEST of 10.8.2.118 
on eth0 to 10.8.2.1 port 67 (xid=0x8e10ff9)"}
2015-04-30 06:15:02 +0000 graylog2.daemon.info: 
{"host":"graylog","ident":"dhclient","message":"DHCPACK of 10.8.2.118 from 
10.8.2.1"}
2015-04-30 06:15:02 +0000 graylog2.daemon.info: 
{"host":"graylog","ident":"dhclient","message":"bound to 10.8.2.118 -- 
renewal in 1596 seconds."}
2015-04-30 06:17:01 +0000 graylog2.authpriv.info: 
{"host":"graylog","ident":"CRON","pid":"18775","message":"pam_unix(cron:session):
 
session opened for user root by (uid=0)"}
2015-04-30 06:17:01 +0000 graylog2.cron.info: 
{"host":"graylog","ident":"CRON","pid":"18776","message":"(root) CMD (   cd 
/ && run-parts --report /etc/cron.hourly)"}
2015-04-30 06:17:01 +0000 graylog2.authpriv.info: 
{"host":"graylog","ident":"CRON","pid":"18775","message":"pam_unix(cron:session):
 
session closed for user root"}
2015-04-30 06:17:06 +0000 [error]: dry run failed: Missing 'type' parameter 
on <store> directive
2015-04-30 06:17:11 +0000 [error]: dry run failed: Missing 'type' parameter 
on <store> directive

Need help with the "/etc/td-agent/td-agent.conf file for configuration and 
need help to validate my Graylog2 input is correct for static files (These 
are windows eventlog files)

Any assistant greatly appreciated .

-Roger Hill 
[email protected]



-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

[graylog2] Configure fluentd to send static logs content to graylog

Reply via email to