Hi, I am having problems with getting some ESXi logs into graylog2 via
rsyslog and I am hoping someone can help me out. Currently, I ship logs
from the ESXi 5.1 host to a satellite rsyslog server, which then sends
the logs on to a central rsyslog log repository. The logs are stored
locally and then passed on to the graylog2 server. The central log
repository and satellite nodes are running rsyslog v8.7 on CentOS. I can
get logs from other Linux servers without any issues. They all show up
in the graylog2 interface as expected under the right hostname and the
file is created with the right hostname on the log store server.

The problem is logs are not forwarded into graylog2 (or they are and I
can't see them). I have tried using a template found from a Google
search but it doesn't seem to work. I think the timestamp needs to be
converted to CST from UTC but don't know how to do that if it is possible.

Jan 29 03:20:01 host.domain.tld crond[2465]: crond: USER root pid 4324392 cmd /sbin/hostd-probe
Jan 29 03:20:02 host.domain.tld syslog[4324393]: starting hostd probing.
Jan 29 03:20:02 host.domain.tld hostd-probe: [FFC6ECB0 warning 'Default'] Unrecognized log/level 'audit' using 'info'

# RainerScript template() object (not the legacy $template directive)
template(name="GRAYLOGRFC5424" type="string"
         string="<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n")
# forward everything over TCP (@@) to graylog2 using that template
*.* @@graylog2.domain.tld:10514;GRAYLOGRFC5424

Any help is appreciated.
Regards,
Brandon
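
The field layout of the GRAYLOGRFC5424 template above, applied to the sample lines with the UTC to CST conversion made explicit. This is an added example, not part of the original post and not rsyslog's own code; the function name, the year, the PRI value 14 and the fixed -06:00 offset are assumptions, because the stored lines carry no year, priority or time zone.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed from the sample lines in the post (wrapped lines rejoined).
SAMPLE = [
    "Jan 29 03:20:01 host.domain.tld crond[2465]: crond: USER root pid "
    "4324392 cmd /sbin/hostd-probe",
    "Jan 29 03:20:02 host.domain.tld hostd-probe: [FFC6ECB0 warning "
    "'Default'] Unrecognized log/level 'audit' using 'info'",
]

# Traditional (RFC 3164 style) line: timestamp, host, tag with optional [pid].
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<app>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$"
)

# Assumption: CST as a fixed UTC-6 offset (daylight saving is ignored).
CST = timezone(timedelta(hours=-6))


def to_rfc5424(line, year, pri=14, src_tz=timezone.utc, dst_tz=CST):
    """Render one traditional syslog line in the template's field order.

    The source timestamp has no zone, so the caller states which zone it
    was written in (src_tz); the output carries an explicit offset.
    """
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("not a traditional syslog line: %r" % line)
    naive = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    stamp = naive.replace(tzinfo=src_tz).astimezone(dst_tz).isoformat()
    # <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
    # Absent PROCID, MSGID and STRUCTURED-DATA are written as "-".
    return (f"<{pri}>1 {stamp} {m['host']} {m['app']} "
            f"{m['pid'] or '-'} - - {m['msg']}")


if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(to_rfc5424(sample_line, year=2015))  # year is an assumption
```

If the receiving side reads a zone-less timestamp in the wrong zone, the messages land hours away from "now", which is worth ruling out before concluding that nothing arrived.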
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog