Hello,

We are testing Graylog to see if it fits our needs for a centralized 
logging system.  We've installed and set up Graylog and we wanted to be able 
to import specific log files to Graylog.  We read that Graylog Collector 
Sidecar is an option.  We have set up a new Beats input and tested an Apache 
collection recommended by the Graylog instructions.  That worked like a 
charm.  We set up a new collection to import authentication logs 
(/var/log/auth.log) but it seems like the host that has Sidecar installed 
is not getting the updates for the 2nd configuration and is not pushing the 
auth log to Graylog.

1. I looked in /etc/graylog/collector-sidecar/collector_sidecar.yml and I 
noticed the tags aren't updated with the new configuration tag.
2. I also looked in /etc/graylog/collector-sidecar/generated/filebeat.yml 
and noticed the input_type doesn't match the new configuration file type. 
I changed it to auth instead of log.

However, if I edit these 2 yml files with the correct information, Graylog 
will start pulling authentication logs. BUT, it will still say the input 
type is LOG instead of AUTH.

Not sure why the host isn't getting the configuration updates of the 2nd 
configuration for the authentication logs.  I've restarted the service and 
that didn't work.

Also, would you recommend using NXLog instead of Beats?
