Try parsing them. I use a JSON template to do that if it's only syslog-type
logs.
Create a file /etc/rsyslog.d/toto.conf:

# Render every message as one JSON object per line.
template(name="json-template" type="list") {
    constant(value="{")
    constant(value="\"@timestamp\":\"")        property(name="timereported" dateFormat="rfc3339")
    constant(value="\",\"@version\":\"1")
    # format="json" escapes quotes and backslashes so the output stays valid JSON
    constant(value="\",\"message\":\"")        property(name="msg" format="json")
    constant(value="\",\"sysloghost\":\"")     property(name="hostname" format="json")
    constant(value="\",\"severity_label\":\"") property(name="syslogseverity-text")
    # numeric severity (the label above already carries the text form)
    constant(value="\",\"severity\":\"")       property(name="syslogseverity")
    constant(value="\",\"facility\":\"")       property(name="syslogfacility-text")
    constant(value="\",\"programname\":\"")    property(name="programname" format="json")
    constant(value="\",\"rawmsg\":\"")         property(name="rawmsg" format="json")
    constant(value="\",\"procid\":\"")         property(name="procid" format="json")
    constant(value="\"}\n")
}

# Forward all facilities/priorities over TCP (@@) to the Graylog input; replace host and port.
*.* @@ur_server:Port;json-template
On Wednesday, December 14, 2016 at 15:59:01 UTC+1, [email protected] wrote:
>
> Actually I see data received in the Graylog web interface, but it shows like
> the "Source" field is not the actual IP address of the server sending the
> syslog data; instead source represents some function on the server, and not the
> server IP, so I am not able to do filtering based on Source (IP). Any
> rules that can be set up in Graylog to make sure the Source is the IP
> address of the server?
>
> Thanks.
>
> On Wednesday, December 14, 2016 at 3:10:16 PM UTC+1, Benbrahim Anass wrote:
>>
>> Hi
>> make sure your logs are coming to the Graylog by receiving them first on
>> syslog
>> cheers
>>
>> Anas
>>
>> On Wednesday, December 14, 2016 at 15:05:51 UTC+1, [email protected] wrote:
>>>
>>>
>>> Hi,
>>>
>>> Syslog data is not received correctly by Graylog, as it cannot show
>>> data from a specific source.
>>>
>>> If I do a Wireshark trace on the Graylog server, I see the syslog
>>> messages are sent correctly from the specific server to the Graylog server,
>>> but the data is not shown in the Graylog web interface. Any ideas?
>>>
>>> Running Graylog 2.1.2 on Ubuntu 14.04
>>>
>>> Thanks.
>>>
>>>
>>>
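An added example, not from the thread, that checks lines produced by a template like the one above before they reach Graylog: it flags invalid JSON (what a quote in a property emitted without format="json" produces), a sysloghost that is not the sender's IP (the Source problem raised in the thread), and a non-numeric severity. The sample lines, hosts and timestamps are constructed.

```python
import ipaddress
import json

# Fields the rsyslog json-template in the reply above emits.
REQUIRED_FIELDS = (
    "@timestamp", "@version", "message", "sysloghost", "severity_label",
    "severity", "facility", "programname", "rawmsg", "procid")

# Constructed sample lines (made-up hosts, times, messages) shaped like the template output.
SAMPLE_LINES = [
    # well-formed: sysloghost is the sender's IP, severity is numeric
    '{"@timestamp":"2016-12-14T15:59:01+01:00","@version":"1","message":"session opened",'
    '"sysloghost":"192.0.2.10","severity_label":"info","severity":"6","facility":"authpriv",'
    '"programname":"sshd","rawmsg":"<86>sshd[1234]: session opened","procid":"1234"}',
    # a quote inside rawmsg was not escaped (property emitted without format="json")
    '{"@timestamp":"2016-12-14T15:59:02+01:00","@version":"1","message":"bad request",'
    '"sysloghost":"192.0.2.10","severity_label":"warning","severity":"4","facility":"daemon",'
    '"programname":"nginx","rawmsg":"GET /?q="x" HTTP/1.1","procid":"77"}',
    # sysloghost carries a program name instead of the sender's IP (the symptom from the
    # thread) and severity is textual because syslogseverity-text was used for both fields
    '{"@timestamp":"2016-12-14T15:59:03+01:00","@version":"1","message":"job done",'
    '"sysloghost":"backup-job","severity_label":"notice","severity":"notice","facility":"cron",'
    '"programname":"backup-job","rawmsg":"job done","procid":"-"}',
]


def check_line(line):
    """Return the problems found in one forwarded JSON line (empty list means OK)."""
    try:
        rec = json.loads(line)
    except ValueError as exc:  # json.JSONDecodeError is a ValueError subclass
        return ["invalid JSON: %s" % exc]
    problems = []
    missing = [f for f in REQUIRED_FIELDS if f not in rec]
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    host = rec.get("sysloghost", "")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        problems.append("sysloghost %r is not an IP address" % host)
    if not str(rec.get("severity", "")).isdigit():
        problems.append("severity %r is not numeric" % rec.get("severity"))
    return problems


def audit(lines):
    """Map 1-based line numbers to their problems; clean lines are left out."""
    report = {n: check_line(line) for n, line in enumerate(lines, 1)}
    return {n: p for n, p in report.items() if p}
```

Run audit() over a capture of the forwarded stream (for example the output of a local TCP listener) to spot bad records before they are indexed.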