Graylog will usually use the source IP address of the client delivering a 
message if there's not explicit source field inside the delivered message.

What's the current problem you're trying to solve?


On Thursday, 13 October 2016 21:34:33 UTC+2, dmerenda wrote:
> Hi ramakrishna, 
> I'm trying too to use the source IP address as the source, but I cannot 
> find any way and I do not understand  your answer about the GELF.
> I actually have many logs without a clear source that need to be shown by 
> source IP address.
> logs are like this one 
> name="Packet dropped (GEOIP)" action="drop" fwrule="60019" initf="eth0" 
> srcmac="72:4a:4a:84:15:11" dstmac="15:44:f3:1a:95:c3" 
> srcip="" dstip="" proto="6" length="44" tos="0x00" 
> prec="0x00" ttl="47" srcport="54412" dstport="80" tcpflags="SYN"
> As you can see there is no "hostname" or "log source" or anything able to 
> identify the message.
> I need to use the source IP within the UDP packet.
> How can I do this?
> Thank you very much and best regards
> On Wednesday, June 8, 2016 at 6:14:39 AM UTC+2, ramakrishna...@gmail.com 
> wrote:
>> Hi Adi spivak,
>> Graylog supports the log format such as GELF[Graylog extended log 
>> format]. you could use the host attribute of GELF to specify the device id 
>> as well as the your application context. 
>> <GELF name="gelfAppender" server="" port="12201"
>>             hostName="" protocol="tcp"/> 

You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to