[graylog2] Graylog and field source as ip address

Fri, 10 Jul 2015 01:47:40 -0700 

Hello guys,
        I was searching the solution for my problem but I can't found the 
answer.
       I have a server with graylog version: 1.1.3, connected to other 
server with Elasticsearch. I created a inputs type Raw/Plaintext TCP to get 
RabbitMQ logs from a Windows server 2008.  The agent to get these logs is 
Nxlog.
       I recieved the logs as well, but the field source show me the ip 
address and not the hostname.
       I checked the server if got the dns from server, so I ran the 
following commands for checking it:

[root@localhost ~]# host 10.101.250.119
119.250.101.10.in-addr.arpa domain name pointer cviaddzw12.office.xxx.com.
119.250.101.10.in-addr.arpa domain name pointer cviaddzw12.datacenter.xxx.
com.
[root@localhost ~]# dig -x 10.101.250.119
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> -x 10.101.250.119
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10435
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;119.250.101.10.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
119.250.101.10.in-addr.arpa. 1200 IN    PTR     cviaddzw12.datacenter.xxx.
com.
119.250.101.10.in-addr.arpa. 1200 IN    PTR     cviaddzw12.office.xxx.com.

;; Query time: 0 msec
;; SERVER: 10.101.1.52#53(10.101.1.52)
;; WHEN: Thu Jul  9 13:00:58 2015
;; MSG SIZE  rcvd: 125



I think the problem isn't the resolv DNS.

Configuration Nxlog (extract)
define SERVER serverName

<Extension fileop>
    Module         xm_fileop
</Extension>

# Watch your own files.
<Input rabbitmq>
    Module im_file
    File        'C:\\rabbitmq\\log\\rabbit.log'
    SavePos     TRUE
    Exec        $Hostname = '%SERVER%';
    Exec        $Server = 'CVIADDZW12';
</Input>

<Output out>
    Module      om_tcp
    Host        10.101.81.190
    Port        5555
</Output>

<Route 1>
    Path        rabbitmq => out
</Route>

I tried create an other field named $Server, but isn't works too.

Anyone has any idea?.

Thank you very much.





-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to