Hi, This messages shows received by deleted input on 0de4fb00 / Unknown, as shown in FIG:
<https://lh3.googleusercontent.com/-Bv2lPjtjiBI/WJhMKCO8wmI/AAAAAAAAAAc/O1DE3V7Itvo9RaYfO3FYkioGrNP-yRWDACLcB/s1600/QQ%25E6%2588%25AA%25E5%259B%25BE20170206181601.png> But the normal messages shows received by netsyslog on 0de4fb00 / Unknown,as shown in FIG: <https://lh3.googleusercontent.com/-4pmWgp_vfz4/WJhM8w50ltI/AAAAAAAAAAk/J3VF__snTZs5jOwy8Z-GikbAtEE-rwwkACLcB/s1600/QQ%25E6%2588%25AA%25E5%259B%25BE20170206181912.png> 在 2017年2月6日星期一 UTC+8下午5:11:55,Jochen Schalanda写道: > > Hi, > > when you click on one of these messages, you can see on which input they > were received next to the "Received by" field. > > Once you have identified the input, you can use tools like Wireshark, > tcpdump, or simply lsof to identify where these messages come from. > > Cheers, > Jochen > > > On Monday, 6 February 2017 04:06:00 UTC+1, [email protected] wrote: >> >> Hi, >> >> I deleted the command that send logs to graylog server in the switch, >> But, graylog can receive the logs of this switch as before. I don't know >> where those logs received by the graylog server come from? >> >> >> <https://lh3.googleusercontent.com/-s1zELVGLS_4/WJfnIXR4eLI/AAAAAAAAAAM/JLr0beJpbmgyHv6RFo_8ZVuVDuW6WNxpgCLcB/s1600/QQ%25E6%2588%25AA%25E5%259B%25BE20170206110452.png> >> >> >> The switch do not send logs to graylog, But, graylog can receive the >> logs of this switch as before. As shown in FIG. >> >> >> >> 在 2017年2月4日星期六 UTC+8下午6:07:06,Jochen Schalanda写道: >>> >>> Hi, >>> >>> please elaborate on your problem. I'm not sure what you're trying to say. >>> >>> What did you expect to happen or retrieve? What did actually happen? >>> As far as I see, the timestamps of the log messages are correct. >>> >>> Cheers, >>> Jochen >>> >>> On Saturday, 4 February 2017 10:48:25 UTC+1, [email protected] wrote: >>>> >>>> My graylog server always collect expired logs, these logs are generated >>>> long before , and now the switch has no such logs. >>>> [image: image] >>>> <https://www.google.com/url?q=https%3A%2F%2Fcloud.githubusercontent.com%2Fassets%2F24647716%2F22615473%2F4bef9a9a-ead0-11e6-9fc6-16e97d29dc70.png&sa=D&sntz=1&usg=AFQjCNHn4s-cddXkUqyzVtF1SmKgF5blNw> >>>> >>>> The current log's source is 2017, The log whose source is >>>> G1-K115-ACC-SW-48 is very early, but the server is collecting now. >>>> >>>> This problem has troubled me for weeks. How to solve this problem? >>>> >>> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/4f350e28-c425-48e0-ab78-5d14ed81ddaa%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
