Jochen,

Thanks for the response. Indeed, I have not configured rsyslog to use any form of encryption. I have edited the definitions in rsyslog.conf and I still get logs from network devices with the IP address, not the hostname; I will look further into the templates.

Regards,
Nyanjau

On Tuesday, November 24, 2015 at 1:26:05 PM UTC+3, Jochen Schalanda wrote:
>
> Hi Nyanjau,
>
> as far as I see you didn't configure rsyslog to use SSL/TLS. Please refer
> to http://www.rsyslog.com/doc/v7-stable/tutorials/tls.html for details.
> Alternatively you can disable TLS in the Syslog TCP input in Graylog.
>
> Additionally you don't need to define the message templates in your
> rsyslog configuration twice. In fact, you can simply use the built-in
> template RSYSLOG_SyslogProtocol23Format, see
> http://docs.graylog.org/en/1.2/pages/sending_data.html#rsyslog.
>
> Cheers,
> Jochen
>
> On Tuesday, 24 November 2015 07:33:28 UTC+1, Nyanjau Kimani wrote:
>>
>> Morning Jochen,
>>
>> Thanks for your response. See below configuration details. Yes, indeed, I
>> am sending logs of the network devices to rsyslog which is running on the
>> graylog server which then sends to graylog.
>>
>> Graylog server Syslog TCP Input Definition
>> port: 1040
>> tls_client_auth: disabled
>> override_source:
>> store_full_message: true
>> bind_address: my_graylogserver_ip
>> tls_cert_file:
>> tls_client_auth_cert_file:
>> recv_buffer_size: 1048576
>> tls_key_password: *******
>> max_message_size: 2097152
>> tls_key_file: admin
>>
>> cat /etc/rsyslog.conf
>> #### MODULES ####
>> # The imjournal module below is now used as a message source instead of imuxsock.
>> $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
>> $ModLoad imjournal # provides access to the systemd journal
>> $ModLoad imklog # reads kernel messages (the same are read from journald)
>> $PreserveFQDN on
>> $ActionForwardDefaultTemplate RSYSLOG_ForwardFormat # for plain TCP and UDP
>> # Provides UDP syslog reception
>> $ModLoad imudp
>> $UDPServerRun 514
>>
>> # Provides TCP syslog reception
>> $ModLoad imtcp
>> $InputTCPServerRun 514
>>
>> #Formatting Messages with templates
>> $template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n"
>> *.* @my_graylogserver_ip:1040;GRAYLOGRFC5424
>>
>> $template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n"
>> *.* @@my_graylogserver_ip:1040;GRAYLOGRFC5424
>>
>>
>> On Monday, November 23, 2015 at 1:55:40 PM UTC+3, Jochen Schalanda wrote:
>>>
>>> Hi Nyanjau,
>>>
>>> could you please post the configuration of your Syslog input in Graylog
>>> (System -> Inputs -> [the contents of the gray field]) and of your rsyslog
>>> daemon?
>>>
>>> And just to clarify: You're sending the logs of some network appliances
>>> (routers) to rsyslog which in turn sends those to Graylog?
>>>
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Wednesday, 18 November 2015 07:17:37 UTC+1, Nyanjau Kimani wrote:
>>>>
>>>> Hi Guys,
>>>>
>>>> I am running latest graylog v1.2.2, with graylog web 1.2.2 and
>>>> elasticsearch 1.7. I use rsyslog to send log information to graylog
>>>> server.
>>>> I am receiving logs from the routers on my graylog inputs, but they are
>>>> displayed with the IP address and not the hostname. My routers have both A
>>>> and PTR records. I have tried to add the PreserveFQDN command on the
>>>> rsyslog server config file without achieving desired effect.
>>>>
>>>> Anyone who has successfully logged router and switch logs with graylog
>>>> 1.2.2 without having to use logstash to format the logs?
>>>>
>>>> Thanks.
>>>>
>>>>
>>>> Regards,
>>>>
>>>> Nyanjau.
