Is there a better way to filter these logs?

On Monday, 24 October 2016 12:02:06 UTC+2, Benbrahim Anass wrote:
>
> I don't only have Windows machines; I have an HP router, Linux servers... All of those send their logs to a centralized syslog server, and this last one forwards everything to another Graylog server via rsyslog.
> I don't want to reconfigure every piece of equipment to send data to Graylog; I already have a syslog server.
> I've read that I need Logstash for indexing everything, but I'm not sure.
>
> On Monday, 24 October 2016 11:35:54 UTC+2, Jochen Schalanda wrote:
>>
>> Hi,
>>
>> this looks like a Windows EventLog. Why not send it directly to Graylog by using nxlog <https://nxlog.co/> or Winlogbeat <https://www.elastic.co/de/downloads/beats/winlogbeat>? Both can be managed by the Graylog Collector Sidecar <http://docs.graylog.org/en/2.1/pages/collector_sidecar.html>.
>>
>> Cheers,
>> Jochen
>>
>> On Monday, 24 October 2016 10:03:35 UTC+2, Benbrahim Anass wrote:
>>>
>>> because using Grok and extractors is a pain in the ass. GELF is more structured than syslog msgs; I've shown you the message I receive from the syslog server, it has all kinds of information and extracting them one by one is pretty complicated.
>>> Look at this:
>>> cbv-w0033.production.infra {"EventTime": "2016-10-24 09:29:34","Hostname":"..-W0025......","Keywords":4611686052787126272,"EventType":"INFO","SeverityValue":2,"Severity":"INFO","EventID":100,"SourceName":"Microsoft-Windows-Diagnosis-DPS","ProviderGuid":"{6BBA3851-2C7E-4DEA-8F54-31E5AFD029E3}","Version":0,"Task":1,"OpcodeValue":12,"RecordNumber":524,"ActivityID":"{BBBA6034-2F3E-4F98-88DC-FB4F4AB0A74A}","ProcessID":1804,"ThreadID":5436,"Channel":"Microsoft-Windows-Diagnosis-DPS/Operational","Domain":"AUTORITE NT","AccountName":"SERVICE LOCAL","UserID":"S-1-5-19","AccountType":"Well Known Group","Message":"Le module de diagnostic {282396B2-6C46-4D66-B413-70B0445DF33C} (%SystemRoot%\\system32\\diagperf.dll) a détecté un problème pour le scénario {186F47EF-626C-4670-800A-4A30756BABAD}, instance {BBBA6034-2F3E-4F98-88DC-FB4F4AB0A74A}, ID d’activité d’origine {00000000-0000-0000-0000-000000000000}.","Category":"Cycle de vie du scénario","Opcode":"Un module de diagnostic a détecté un problème","ScenarioId":"{186F47EF-626C-4670-800A-4A30756BABAD}","InstanceId":"{BBBA6034-2F3E-4F98-88DC-FB4F4AB0A74A}","OriginalActivityId":"{00000000-0000-0000-0000-000000000000}","DiagnosticModuleImageName":"%SystemRoot%\\system32\\diagperf.dll","DiagnosticModuleId":"{282396B2-6C46-4D66-B413-70B0445DF33C}","EventReceivedTime":"2016-10-24 09:29:35","SourceModuleName":"in","SourceModuleType":"im_msvistalog"}#015
>>>
>>> On Monday, 24 October 2016 09:49:16 UTC+2, Jochen Schalanda wrote:
>>>>
>>>> Hi,
>>>>
>>>> the instructions on the rsyslog website <http://www.rsyslog.com/doc/master/tutorials/gelf_forwarding.html> are unsurprisingly for rsyslog.
>>>>
>>>> But why exactly do you want to forward your syslog messages using the GELF protocol? You won't gain anything from it…
>>>>
>>>> Cheers,
>>>> Jochen
>>>>
>>>> On Monday, 24 October 2016 09:26:38 UTC+2, Benbrahim Anass wrote:
>>>>>
>>>>> Hi everyone,
>>>>> I'm wondering if it is possible to send rsyslog data via GELF to Graylog. I saw this tutorial, but since I'm a newbie I don't know where to create that template or any of that config:
>>>>> http://www.rsyslog.com/doc/master/tutorials/gelf_forwarding.html
>>>>> Hope someone can explain that to me.
>>>>> Thanks in advance
>>>>>
>>>>> cheers
>>>>> Anas
>>>>>
>>>>
-- You received this message because you are subscribed to the Google Groups "Graylog Users" group.
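The following is an added example, not code from this thread or from Graylog, rsyslog or nxlog. It shows what a filter sitting between the syslog relay and Graylog has to do with the kind of line Anass pasted: peel off the relay hostname, parse the embedded nxlog im_msvistalog JSON, and rebuild it as a GELF 1.1 message so every Windows event field arrives as its own Graylog field instead of needing an extractor. The sample line, the hostname in it and the nxlog-severity-to-syslog-level mapping are constructed assumptions.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample in the thread's shape: relay host, nxlog JSON payload, escaped CR "#015".
SAMPLE_LINE = (
    'cbv-w0033.production.infra {"EventTime": "2016-10-24 09:29:34",'
    '"Hostname":"EXAMPLE-W0025","Keywords":4611686052787126272,'
    '"SeverityValue":2,"Severity":"INFO","EventID":100,'
    '"SourceName":"Microsoft-Windows-Diagnosis-DPS",'
    '"Message":"Le module de diagnostic a détecté un problème",'
    '"SourceModuleType":"im_msvistalog"}#015'
)

# relay host, whitespace, one JSON object, optional "#015" (rsyslog-escaped carriage return).
LINE_RE = re.compile(r"^(?P<host>\S+)\s+(?P<json>\{.*\})(?:#015)?\s*$")

# nxlog SeverityValue (1 DEBUG .. 5 CRITICAL) -> syslog level expected by GELF (assumed mapping).
NXLOG_TO_SYSLOG_LEVEL = {1: 7, 2: 6, 3: 4, 4: 3, 5: 2}

def split_relay_line(line: str):
    """Return (relay_host, event) or raise ValueError for a line without a JSON payload."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("no JSON payload in syslog line")
    return m.group("host"), json.loads(m.group("json"))

def to_gelf(line: str) -> dict:
    """Build a GELF 1.1 dict; nxlog fields become underscore-prefixed additional fields."""
    relay_host, event = split_relay_line(line)
    # Assumption: EventTime carries no zone information, so it is read as UTC.
    when = datetime.strptime(event["EventTime"], "%Y-%m-%d %H:%M:%S")
    gelf = {
        "version": "1.1",
        "host": event.get("Hostname") or relay_host,
        "short_message": event.get("Message") or "(empty message)",
        "timestamp": when.replace(tzinfo=timezone.utc).timestamp(),
        "level": NXLOG_TO_SYSLOG_LEVEL.get(event.get("SeverityValue"), 6),
        "_relay_host": relay_host,
    }
    for key, value in event.items():
        if key in ("Message", "Hostname", "id"):  # "id" would become "_id", which GELF forbids
            continue
        # GELF additional fields must be strings or numbers; anything else is flattened to JSON text.
        gelf["_" + key] = value if isinstance(value, (str, int, float)) else json.dumps(value)
    return gelf

def encode_gelf(gelf: dict) -> bytes:
    """Serialise for a Graylog GELF UDP input (fits one datagram when under 8192 bytes)."""
    return json.dumps(gelf, ensure_ascii=False).encode("utf-8")
```

Lines that carry no JSON (the HP router and Linux syslog traffic) raise ValueError, so a caller can pass them through to a plain syslog input untouched.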
