Hi,

Graylog will usually use the source IP address of the client delivering a message if there's no explicit source field inside the delivered message.
What's the current problem you're trying to solve?

Cheers,
Jochen

On Thursday, 13 October 2016 21:34:33 UTC+2, dmerenda wrote:
>
> Hi ramakrishna,
>
> I'm also trying to use the source IP address as the source, but I cannot
> find any way and I do not understand your answer about the GELF.
>
> I actually have many logs without a clear source that need to be shown by
> source IP address.
> Logs are like this one:
> name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="eth0"
> srcmac="72:4a:4a:84:15:11" dstmac="15:44:f3:1a:95:c3"
> srcip="171.248.96.60" dstip="10.178.5.8" proto="6" length="44" tos="0x00"
> prec="0x00" ttl="47" srcport="54412" dstport="80" tcpflags="SYN"
>
> As you can see, there is no "hostname" or "log source" or anything able to
> identify the message.
> I need to use the source IP within the UDP packet.
> How can I do this?
>
> Thank you very much and best regards
>
>
> On Wednesday, June 8, 2016 at 6:14:39 AM UTC+2, [email protected]
> wrote:
>>
>> Hi Adi spivak,
>>
>> Graylog supports log formats such as GELF [Graylog Extended Log
>> Format]. You could use the host attribute of GELF to specify the device ID
>> as well as your application context.
>>
>> <GELF name="gelfAppender" server="192.168.2.1" port="12201"
>> hostName="192.168.2.1/myapplication" protocol="tcp"/>
>>
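An added example, not part of the thread and not Graylog's own code: when raw logs pass through a relay, Graylog sees the relay's address as the sender, so the relay has to copy the original sender IP into the GELF `host` field itself. The names `parse_kv`, `to_gelf`, `relay`, the `hostname` key and the address 192.0.2.10 are assumptions made for illustration.

```python
import json
import re
import socket

# Constructed sample, modelled on the firewall line quoted in the thread.
SAMPLE = ('name="Packet dropped (GEOIP)" action="drop" fwrule="60019" '
          'srcip="171.248.96.60" dstip="10.178.5.8" srcport="54412" dstport="80"')

PAIR_RE = re.compile(r'(\w+)="([^"]*)"')  # key="value" pairs


def parse_kv(line):
    """Return the key="value" pairs of a log line as a dict."""
    return dict(PAIR_RE.findall(line))


def to_gelf(line, sender_ip):
    """Build a GELF 1.1 JSON payload for one log line.

    sender_ip is the address the datagram arrived from. It is unauthenticated
    (UDP sources can be spoofed), so treat it as a label, not an identity.
    """
    fields = parse_kv(line)
    msg = {
        "version": "1.1",
        # "hostname" is an assumed key; the sample has none, so the sender IP is used.
        "host": fields.get("hostname") or sender_ip,
        "short_message": fields.get("name") or line[:80],
        "full_message": line,
    }
    for key, value in fields.items():
        if key != "id":  # GELF reserves "_id"
            msg["_" + key] = value  # additional fields take a leading underscore
    return json.dumps(msg)


def relay(listen_addr, graylog_addr):
    """Receive raw log datagrams and forward them as GELF over UDP (runs until killed)."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(listen_addr)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        data, (ip, _port) = rx.recvfrom(8192)
        line = data.decode("utf-8", "replace").strip()
        tx.sendto(to_gelf(line, ip).encode(), graylog_addr)


if __name__ == "__main__":
    print(to_gelf(SAMPLE, "192.0.2.10"))  # 192.0.2.10 is a constructed sender address
```

The firewall's `srcip` stays available as the searchable field `_srcip`, separate from the `host` that identifies the device that sent the log.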
