First let me say what a great app this is.  I found this in an article about 
using Graylog2 and NXLog together.  What I am finding is that the 
hostname/source name is being somehow stripped from the message as Graylog2 
gets it. NXLog is installed on the same server as Graylog2 and I have tried 
several different methods of sending to the host/Graylog2.  Is there a way to 
just send the message unedited from NXLog?  I'm not sure what to do here. Is 
there a format that I need to do in NXLog to make sure Graylog2 gets everything?



########################################
# Modules                              #
########################################

# NXlog syslog extension activation (needed to receive syslog messages)
<Extension _syslog>
    Module      xm_syslog
</Extension>

<Extension gelf>
    Module      xm_gelf
</Extension>

<Extension json>
    Module      xm_json
</Extension>

<Input udp_in>
    Module      im_udp
    Port        514
    Host        0.0.0.0
    Exec        parse_syslog();
</Input>

<Processor buffer_udp>
    Module      pm_buffer
    MaxSize     1024
    Type        Mem
    WarnLimit   512
</Processor>

# NXLog output to forward everything to Graylog2 listening on localhost port 5514.
<Output tcp_out>
    Module      om_tcp
    Port        5514
    # This is the IP of the syslog server. I have tried localhost and the
    # hostname as well with no luck.
    Host        XXX.XXX.XXX.132
</Output>

########################################
# Routes                               #
########################################
<Route udp>
    Path        udp_in => buffer_udp => tcp_out
</Route>


Message from Cisco switch:

2014 Jun  2 16:40:24 N5K-A %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user admin from 192.168.5.18 - sshd[27241]


Message as seen from Graylog2:

<187>: 2014 Jun 2 16:40:24 UTC: %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user admin from 192.168.5.18 - sshd[27241]


_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
