2015-01-29 6:22 GMT+01:00 Brandon <[email protected]>:

> Hi, I am having problems with getting some ESXi logs into graylog2 via
> rsyslog and I am hoping someone can help me out. Currently, I ship logs
> from the ESXi 5.1 host to a satellite rsyslog server, which then sends the
> logs on to a central rsyslog log repository. The logs are stored locally
> and then passed on to the graylog2 server. The central log repository and
> satellite nodes are running rsyslog v8.7 on CentOS. I can get logs from
> other Linux servers without any issues. They all show up in the graylog2
> interface as expected under the right hostname and the file is created with
> the right hostname on the log store server.
>
> The problem is logs are not forwarded into graylog2 (or they are and I
> can't see them). I have tried using a template found from a Google search
> but it doesn't seem to work. I think the timestamp needs to be converted to
> CST from UTC but don't know how to do that if it is possible.
>

It's not possible. The problem is that there are no APIs to call for this. The only solution seems to be to duplicate the Linux TZ system in our own code, and I really don't like that idea.

To verify if that's your problem, just check a broader time range in your GUI.

Sorry I have no better answer,
Rainer

> Jan 29 03:20:01 host.domain.tld crond[2465]: crond: USER root pid 4324392
> cmd /sbin/hostd-probe
> Jan 29 03:20:02 host.domain.tld syslog[4324393]: starting hostd probing.
> Jan 29 03:20:02 host.domain.tld hostd-probe: [FFC6ECB0 warning 'Default']
> Unrecognized log/level 'audit' using 'info'
>
> $template (name="GRAYLOGRFC5424" type="string"
> string="<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339%
> %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n"
> )
>
> *.* @@graylog2.domain.tld:10514;GRAYLOGRFC5424
>
> Any help is appreciated.
> Regards,
> Brandon
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
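
An added example, not part of the original thread and not rsyslog code: it measures how far a zone-less syslog timestamp like the ones quoted above is displaced when the receiver reads it in its own zone, and re-stamps the line with an explicit offset before forwarding. It assumes the ESXi host logs in UTC and the receiver runs at a fixed UTC-6 (CST, no DST); the function names and the sample line are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumption: receiver zone modelled as a fixed UTC-6 offset (CST, DST ignored).
CST = timezone(timedelta(hours=-6), "CST")

# Constructed sample shaped like the ESXi lines in the thread: no year, no zone.
SAMPLE = "Jan 29 03:20:02 host.domain.tld syslog[4324393]: starting hostd probing."

STAMP_LEN = 15  # length of the "Mmm dd HH:MM:SS" header timestamp


def parse_stamp(line, year):
    """Return the naive datetime from the header; the year must be supplied."""
    return datetime.strptime(f"{year} {line[:STAMP_LEN]}", "%Y %b %d %H:%M:%S")


def skew(line, year, sender_tz, receiver_tz):
    """Displacement of the event when the receiver assumes its own zone."""
    naive = parse_stamp(line, year)
    assumed = naive.replace(tzinfo=receiver_tz)  # what the receiver believes
    actual = naive.replace(tzinfo=sender_tz)     # when it really happened
    return assumed - actual


def restamp(line, year, sender_tz=timezone.utc):
    """Replace the header timestamp with RFC 3339 carrying the sender's offset."""
    stamp = parse_stamp(line, year).replace(tzinfo=sender_tz)
    return stamp.isoformat() + line[STAMP_LEN:]


if __name__ == "__main__":
    # A positive skew means the event is indexed in the future, so a
    # "last N minutes" search misses it until a broader range is selected.
    print("displayed skew:", skew(SAMPLE, 2015, timezone.utc, CST))
    print(restamp(SAMPLE, 2015))
```

A six-hour positive skew is consistent with the advice above to check a broader time range: the messages arrive but are indexed ahead of the current time.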

