Hi Russ,

Graylog supports Structured Syslog as defined per RFC 5424 (https://tools.ietf.org/html/rfc5424), which means that it will automatically extract data from syslog messages containing structured data elements.

Cheers,
Jochen

On Monday, 27 July 2015 19:00:30 UTC+2, Russ wrote:
> Hi Jochen,
>
> Thanks for the reply!
>
> When you mention using structured syslog data through syslog, how does that work? Does graylog automatically detect structured data inside a standard syslog message? I tried including JSON blobs and key value pairs in my syslog message but it didn't seem to pick it up. Maybe I need to set up an extractor? Or would this be like CEE for rsyslog?
>
> Thanks for your help!
>
> -Russ
>
> On Monday, July 27, 2015 at 1:32:00 AM UTC-7, Jochen Schalanda wrote:
>> Hi Russ,
>>
>> most third-party libraries only support sending GELF over UDP, some also support TCP, and very few support GELF over TCP+TLS. For example our own Java-based gelfclient (https://github.com/Graylog2/gelfclient) supports all three modes. If you're missing a specific transport mode in some library, you should contact the author of the respective project and see what's required to get support for TLS into the library.
>>
>> The support for GELF over TCP+TLS is relatively new (introduced in Graylog 1.0.0), so some libraries just lag behind or nobody really asked for encrypted transport yet.
>>
>> FWIW you might work around this limitation by spanning a VPN underneath the logging clients and the Graylog servers in order to move the encryption to a "lower" layer in the stack or use structured syslog to include more information in syslog messages sent to Graylog.
>>
>> Cheers,
>> Jochen
>>
>> On Monday, 27 July 2015 10:15:50 UTC+2, Russ wrote:
>>> Hi Everyone,
>>>
>>> I'm trying to run graylog with a huge amount of incoming messages per second. To speed up indexing and make the data more easily queryable I'm interested in using GELF. When I do it over UDP it works perfectly; it's super efficient.
>>>
>>> However, I can't find much information (libraries/modules/etc for Java and Python) with folks logging in GELF over TCP with TLS. Unfortunately I have some requirements that won't allow me to ship the messages over an unencrypted connection and am forced to use TLS. I can solve for this now by using rsyslog but it's not in GELF format.
>>>
>>> I'm curious if I'm not finding anything about GELF over TLS because:
>>>
>>> (A) there is a reason this sort of thing shouldn't be done,
>>> (B) I'm not looking in the right places
>>> (C) Just hasn't been a library developed that does this yet.
>>> (D) Something else.
>>>
>>> I started prototyping something with Python (socket/ssl) to do it but didn't want to get too far down the path if there is something fundamental I'm missing. The GELF documentation mentions TCP introduces headaches which I can understand from a high level but I'm not so much of an expert to know if I'll get myself in over my head if I write something to do this.
>>>
>>> Thanks for your help!
>>>
>>> -Russ
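
The RFC 5424 structured-data layout mentioned in the reply at the top of this thread, as an added example that is not part of the original messages and is not Graylog code. It builds a message whose key/value pairs sit in an SD-ELEMENT (rather than as JSON in the free-text part) and can send it over a verified TLS connection. Assumptions: the function names, the host and app names, the SD-ID `request@32473` (32473 is the enterprise number reserved for documentation), and a TLS-enabled syslog TCP listener that accepts newline-delimited messages.

```python
import re
import socket
import ssl
from datetime import datetime, timezone

# SD-NAME (RFC 5424): 1-32 printable US-ASCII chars except '=', space, ']', '"'.
_SD_NAME = re.compile(r'[\x21\x23-\x3c\x3e-\x5c\x5e-\x7e]{1,32}')


def _escape(value):
    # PARAM-VALUE must backslash-escape '"', '\' and ']' (RFC 5424, 6.3.3).
    return re.sub(r'([\\"\]])', r'\\\1', str(value))


def format_rfc5424(msg, sd_id, params, *, facility=16, severity=6,
                   host="app01.example.org", app="billing", when=None):
    """Build one RFC 5424 message carrying a single SD-ELEMENT."""
    for name in (sd_id, *params):
        if not _SD_NAME.fullmatch(name):
            raise ValueError("not a valid SD-NAME: %r" % (name,))
    when = (when or datetime.now(timezone.utc)).astimezone(timezone.utc)
    stamp = when.strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    pairs = "".join(' %s="%s"' % (k, _escape(v)) for k, v in params.items())
    pri = facility * 8 + severity  # local0.info -> 134
    # PROCID and MSGID are left as the NILVALUE "-".
    return "<%d>1 %s %s %s - - [%s%s] %s" % (
        pri, stamp, host, app, sd_id, pairs, msg)


def send_tls(messages, server, port, cafile=None):
    """Send messages over TLS with certificate and hostname verification."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((server, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=server) as tls:
            for m in messages:
                # Assumed framing: one message per line, so strip newlines.
                tls.sendall(m.replace("\n", " ").encode("utf-8") + b"\n")


if __name__ == "__main__":
    # Constructed sample event; nothing is sent unless send_tls() is called.
    print(format_rfc5424("login failed", "request@32473",
                         {"user": 'ev"il]', "src_ip": "203.0.113.7"}))
```

Unescaped `"` or `]` inside a value ends the element early, so values taken from application input should always pass through the escaping step before being placed in structured data.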
