Hello, I am running version 2.0 of graylog in this configuration: a load balancer in front of a cluster of 3 graylog servers. 95 percent of messages are shown with the source field correctly filled with the name of the originating machine. But there are 5% of messages where the source field contains only the internal IP of the load balancer.
Here is an example of such a "bad" message with details. The difference I see is that source should have the origin hostname or IP, but it only has the LB IP. The facility, level and application fields are also not filled correctly. They are filled in the case of "OK" messages.

Received by: tcp syslog ngray4 on ngray1 <http://10.234.102.18:9000/system/nodes/220e6aee-550e-4b7d-ba7b-414d40e9abc6>
Stored in index: graylog_235
facility: Unknown
level: -1
message: 2016-11-25 13:26:20,308 authentication valid: false for username: kral
source: 10.139.123.1
gl2_remote_ip: 10.139.123.1
gl2:source_node: 220e6aee-550e-4b7d-ba7b-414d40e9abc6
gl2_remote_ip: 10.139.123.1

BTW, this original message was sent from Windows using nxlog. Maybe there is some way to remap the message in nxlog to show the source in graylog as well?

Thanks!
