Hi Ranga, On Thursday, 8 December 2016 23:59:05 UTC+1, Ranga Daggubati wrote: > > 1. Does Graylog is used to collect only syslogs or any other application > logs? >
Graylog can be used to collect (log) messages/events from arbitrary sources. Syslog is only one type of input it supports, see http://docs.graylog.org/en/2.1/pages/sending_data.html for some more. > 2. I have launched a syslog input in gl-server - the input will have a > port number and binded to its localhost, here we are not mentioning any ip > address of the system from which we want to pull the logs. so now if i want > to check the apache logs of other instance - so now this instance also will > send the logs to same input then both system apache logs will be showing in > the same place and everything looks like MessUp so how can we track them? > Clients have to push logs into Graylog, e. g. what you configured your rsyslog to do. One syslog input can handle an almost arbitrary number of clients. You can sort the log messages in Graylog by source or any other message field. > 3. if one input is able to monitor the logs of multiple instances/systems > then when/what will be the requirement to launch a new input? > Obviously you need to launch another input if you want to ingest logs with another protocol (e. g. GELF TCP instead of Syslog UDP). And then in can make sense to run multiple inputs of the same type if you want to apply different extractors to your messages, see http://docs.graylog.org/en/2.1/pages/extractors.html for details. > 4. Can you differentiate the list of inputs in Graylog? > See the description on the System / Inputs page and available inputs on the Graylog Marketplace: https://marketplace.graylog.org/addons?kind=plugin > > 5. To send the logs from client to GRAYLOG server we cofigure > rsyslog.conf with template *.* @graylog.example.org:514 , so if somebody > in our team have done the same configuration that client also will send the > log messages to the graylog server. so it shouldn't be happen. We should > have to maintain secure access (like from the client side if we want to > send the logs we should need some permission or access). Sending of log > also should be secure or else if everybody will be sending logs to that > same port and there will be a mess up, right. So sending of logs should be > secure - how can we secure the sending logs? > rsyslog and Graylog support sending logs via TLS which also includes client certificate verification. Cheers, Jochen -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/b90ff28c-4706-4eee-8e6d-7f7b2e67c5cc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
