Hi ramakrishna,

I'm also trying to use the source IP address as the source, but I cannot find any way to do it, and I do not understand your answer about GELF.
I actually have many logs without a clear source that need to be shown by source IP address. Logs are like this one:

name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="eth0" srcmac="72:4a:4a:84:15:11" dstmac="15:44:f3:1a:95:c3" srcip="171.248.96.60" dstip="10.178.5.8" proto="6" length="44" tos="0x00" prec="0x00" ttl="47" srcport="54412" dstport="80" tcpflags="SYN"

As you can see, there is no "hostname" or "log source" or anything able to identify the message. I need to use the source IP within the UDP packet. How can I do this?

Thank you very much and best regards

On Wednesday, June 8, 2016 at 6:14:39 AM UTC+2, [email protected] wrote:
>
> Hi Adi spivak,
>
> Graylog supports log formats such as GELF [Graylog extended log format].
> You could use the host attribute of GELF to specify the device id as well
> as your application context.
>
> <GELF name="gelfAppender" server="192.168.2.1" port="12201"
> hostName="192.168.2.1/myapplication" protocol="tcp"/>
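An added example, not part of the original thread or Graylog's own code: the GELF host attribute mentioned in the quoted reply can carry the sender's address if a small relay sits between the firewall and Graylog. The relay, its listen port, the constructed peer address and a GELF UDP input on 192.168.2.1:12201 are assumptions.

```python
import json
import re
import socket

# key="value" pairs, as in the firewall log line quoted in the post
PAIR_RE = re.compile(r'(\w+)="([^"]*)"')

# Log line taken from the post; the sender address is constructed.
SAMPLE_LINE = ('name="Packet dropped (GEOIP)" action="drop" fwrule="60019" '
               'initf="eth0" srcmac="72:4a:4a:84:15:11" dstmac="15:44:f3:1a:95:c3" '
               'srcip="171.248.96.60" dstip="10.178.5.8" proto="6" length="44" '
               'tos="0x00" prec="0x00" ttl="47" srcport="54412" dstport="80" '
               'tcpflags="SYN"')
SAMPLE_PEER = "10.178.5.1"


def to_gelf(line, peer_ip):
    """Wrap one raw log line in a GELF 1.1 message whose host is the sender."""
    msg = {"version": "1.1", "host": peer_ip, "short_message": line.strip()}
    for key, value in PAIR_RE.findall(line):
        if key == "id":          # GELF does not allow an additional field "_id"
            key = "orig_id"
        msg["_" + key] = value   # additional fields carry a leading underscore
    return msg


def encode(msg):
    """Serialize to the bytes of one uncompressed GELF UDP datagram."""
    return json.dumps(msg, separators=(",", ":")).encode("utf-8")


def relay(listen_addr, graylog_addr):
    """Receive raw UDP logs and forward them as GELF (hypothetical relay)."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(listen_addr)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        data, (peer_ip, _port) = rx.recvfrom(8192)
        line = data.decode("utf-8", "replace")
        if line.strip():         # skip empty datagrams: short_message is required
            tx.sendto(encode(to_gelf(line, peer_ip)), graylog_addr)


if __name__ == "__main__":
    print(encode(to_gelf(SAMPLE_LINE, SAMPLE_PEER)).decode())
    # To run the relay: relay(("0.0.0.0", 5514), ("192.168.2.1", 12201))
    # 5514 is an assumed listen port; 192.168.2.1:12201 is from the quoted reply
    # and must be a GELF UDP input for this relay.
```

Graylog displays the GELF host value as the message source, and the parsed pairs (srcip, dstip, dstport and so on) arrive as separate searchable fields.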
