Because using Grok and extractors is a pain in the ass. GELF is more 
structured than syslog msgs. I've shown you the message I receive from 
the syslog server; it has all kinds of information, and to extract them one 
by one is pretty complicated.
Look at this:
cbv-w0033.production.infra {"EventTime": "2016-10-24 
09:29:34","Hostname":"..-W0025......","Keywords":4611686052787126272,"EventType":"INFO","SeverityValue":2,"Severity":"INFO","EventID":100,"SourceName":"Microsoft-Windows-Diagnosis-DPS","ProviderGuid":"{6BBA3851-2C7E-4DEA-8F54-31E5AFD029E3}","Version":0,"Task":1,"OpcodeValue":12,"RecordNumber":524,"ActivityID":"{BBBA6034-2F3E-4F98-88DC-FB4F4AB0A74A}","ProcessID":1804,"ThreadID":5436,"Channel":"Microsoft-Windows-Diagnosis-DPS/Operational","Domain":"AUTORITE
 
NT","AccountName":"SERVICE LOCAL","UserID":"S-1-5-19","AccountType":"Well 
Known Group","Message":"Le module de diagnostic 
{282396B2-6C46-4D66-B413-70B0445DF33C} 
(%SystemRoot%\\system32\\diagperf.dll) a détecté un problème pour le 
scénario {186F47EF-626C-4670-800A-4A30756BABAD}, instance 
{BBBA6034-2F3E-4F98-88DC-FB4F4AB0A74A}, ID d’activité d’origine 
{00000000-0000-0000-0000-000000000000}.","Category":"Cycle de vie du 
scénario","Opcode":"Un module de diagnostic a détecté un 
problème","ScenarioId":"{186F47EF-626C-4670-800A-4A30756BABAD}","InstanceId":"{BBBA6034-2F3E-4F98-88DC-FB4F4AB0A74A}","OriginalActivityId":"{00000000-0000-0000-0000-000000000000}","DiagnosticModuleImageName":"%SystemRoot%\\system32\\diagperf.dll","DiagnosticModuleId":"{282396B2-6C46-4D66-B413-70B0445DF33C}","EventReceivedTime":"2016-10-24
 
09:29:35","SourceModuleName":"in","SourceModuleType":"im_msvistalog"}#015

On Monday, 24 October 2016 09:49:16 UTC+2, Jochen Schalanda wrote:
>
> Hi,
>
> the instructions on the rsyslog website 
> <http://www.rsyslog.com/doc/master/tutorials/gelf_forwarding.html> are 
> unsurprisingly for rsyslog.
>
> But why exactly do you want to forward your syslog messages using the GELF 
> protocol? You won't gain anything from it…
>
> Cheers,
> Jochen
>
> On Monday, 24 October 2016 09:26:38 UTC+2, Benbrahim Anass wrote:
>>
>> Hi everyone,
>> I'm wondering if it is possible to send rsyslog data via GELF to Graylog. 
>> I saw this tutorial, but since I'm a newbie I don't know where to create that 
>> template or any of that config
>> http://www.rsyslog.com/doc/master/tutorials/gelf_forwarding.html
>> hope someone can explain that to me
>> thanks in advance
>>
>> cheers 
>> Anas
>>
>
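
An added example, not part of the thread or of any project mentioned in it: the message above is a hostname followed by one JSON object, so it can be decoded as a whole and mapped to GELF 1.1 fields instead of being split field by field. The function name, the sample line, the severity mapping and the UTC reading of `EventTime` are assumptions made for this sketch.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample, shortened from the message shape shown in the post:
# sender hostname, one JSON object, then "#015" (rsyslog's escaped CR).
SAMPLE = (
    'host01.example.test {"EventTime":"2016-10-24 09:29:34",'
    '"Hostname":"HOST01","SeverityValue":2,"Severity":"INFO","EventID":100,'
    '"Channel":"Microsoft-Windows-Diagnosis-DPS/Operational",'
    '"UserID":"S-1-5-19","Message":"sample message text",'
    '"SourceModuleType":"im_msvistalog"}#015'
)

# Assumed mapping from the agent's SeverityValue (1-5) to syslog levels.
SEVERITY_TO_SYSLOG = {1: 7, 2: 6, 3: 4, 4: 3, 5: 2}
FIELD_NAME_OK = re.compile(r"^[\w.\-]+$")


def syslog_json_to_gelf(line):
    """Turn '<host> {json}#015' into a GELF 1.1 dict; ValueError if not JSON."""
    line = line.strip()
    if line.endswith("#015"):  # strip the escaped carriage return
        line = line[:-4]
    sender, _, payload = line.partition(" ")
    if not payload.startswith("{"):
        raise ValueError("no JSON payload after hostname")
    event = json.loads(payload)  # JSONDecodeError is a ValueError subclass
    gelf = {
        "version": "1.1",
        "host": event.pop("Hostname", None) or sender,
        "short_message": event.pop("Message", None) or "(no message)",
        "level": SEVERITY_TO_SYSLOG.get(event.pop("SeverityValue", None), 6),
    }
    when = event.pop("EventTime", None)
    if when:
        # Assumption: EventTime is UTC; adjust if the agent logs local time.
        ts = datetime.strptime(when, "%Y-%m-%d %H:%M:%S")
        gelf["timestamp"] = ts.replace(tzinfo=timezone.utc).timestamp()
    for key, value in event.items():
        # GELF additional fields: "_" prefix, limited charset, "_id" reserved.
        if not FIELD_NAME_OK.match(key) or key == "id":
            continue
        if not isinstance(value, (str, int, float)):
            value = json.dumps(value)
        gelf["_" + key] = value
    return gelf
```
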
