Hi Drew, I was able to import a sampling of the logs, using a syslog and/or RAW UDP inputs and netcat, however I'm not happy with the results because graylog did not preserve the data/time/host and instead set the data/time it received those entries and the host where the import was performed from, rather than the host the entry was created on. From the researching/googling I've done this appears to be a common issue, and one where I've yet to see a solution provided or explained.
I'll give nxlog a go and see if it's able to address this issue, thanks for the recommendation! -- Later, Darin On Wed, Dec 2, 2015 at 9:20 PM, Drew Miranda <gee...@gmail.com> wrote: > I did something similar as a proof of concept but it was far from elegant. > > In short: > > 1. Use nxlog to listen to a file and configure a rule that uses the date of > the log message and not the current date (which it would do if we don't > create this rule) > 2. Use something that reads your log file(s) one line at a time and appends > each line to the file being monitored by nxlog > > *in some cases the date time format is not directly parseable by nxlog and a > script is required to parse on the correct format. > > https://nxlog.org/node/295#idp9098336 > > Sorry this is so convoluted. This is a feature that has been requested so it > is possible we may see a native way to do this in the future. > > -- > You received this message because you are subscribed to the Google Groups > "Graylog Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to graylog2+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/graylog2/e956ec6d-3f94-40be-a3c8-147ea7502ed2%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CADaviKvheJhxtbMuB6Hyru%2B4--328L_FSgk5wC5xY5cCqdzb_w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
