2015-01-29 8:46 GMT+01:00 Radu Gheorghe <[email protected]>:
> Hi Brandon,
>
> I haven't used graylog2 in years, so I might be completely off, but here
> are two ideas that might help.
>
> AFAIK, graylog2 uses Elasticsearch as the backend for storing logs, so if
> you figure out how data is normally written, you could hook rsyslog
> directly to ES via omelasticsearch. I didn't do this with graylog, only
> with logstash:
> http://blog.sematext.com/2013/07/01/recipe-rsyslog-elasticsearch-kibana/
>
> The problem with this approach is if your original logs don't have a
> timezone. Then rsyslog assumes it's UTC which may or may not be true. If
> you need to mangle with the timestamp, I think there's currently no way to
> do that. So you'd need something external to change the timestamp. It looks
> like Logstash can do it with the date filter:
>
> http://www.elasticsearch.org/guide/en/logstash/master/plugins-filters-date.html#plugins-filters-date-timezone
>
> Actually, there might just be a dirty way to do it in rsyslog via
> templates. date-rfc3339 should output something like:
>
> 2015-01-27T16:17:57Z
>
> And you can output everything except that Z (or it may be +00:00, I don't
> remember) and append a hardcoded timezone (like -05:00 or something)
> directly in the template.
>
> Ugly? You bet! But maybe less ugly than using something else just for
> timestamp changing. Though a cleaner method could be to add this
> functionality to rsyslog.
>

I would love to, if someone could point me at a method that doesn't mean
duplicating tens of thousands of operating system code lines...

Rainer
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
LIKE THAT.
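The suffix swap described in the quoted message, worked through as an added example that is not part of the thread and is not rsyslog code: it keeps the wall-clock digits, replaces the assumed-UTC designator with a fixed offset, and returns the UTC instant the relabelled stamp now denotes, so the shift in any log timeline is visible. The function names are hypothetical, and the offset is fixed, so it does not follow daylight-saving changes.

```python
import re
from datetime import datetime, timedelta, timezone

# RFC 3339: date 'T' time, optional fraction, then 'Z' or a numeric offset.
_RFC3339 = re.compile(
    r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(\.\d+)?(Z|[+-]\d{2}:\d{2})$"
)
_OFFSET = re.compile(r"^([+-])(\d{2}):(\d{2})$")


def parse_offset(offset):
    """Turn '+HH:MM' / '-HH:MM' into a fixed-offset tzinfo (hypothetical helper)."""
    m = _OFFSET.match(offset)
    if not m:
        raise ValueError(f"not a numeric UTC offset: {offset!r}")
    hours, minutes = int(m.group(2)), int(m.group(3))
    if hours > 23 or minutes > 59:
        raise ValueError(f"offset out of range: {offset!r}")
    sign = -1 if m.group(1) == "-" else 1
    return timezone(sign * timedelta(hours=hours, minutes=minutes))


def relabel_timestamp(stamp, real_offset):
    """Keep the wall-clock digits, swap the assumed-UTC suffix for real_offset.

    Returns (relabelled RFC 3339 string, the instant it denotes in UTC).
    """
    m = _RFC3339.match(stamp)
    if not m:
        raise ValueError(f"not an RFC 3339 timestamp: {stamp!r}")
    wall, fraction, zone = m.group(1), m.group(2) or "", m.group(3)
    # Only an assumed-UTC stamp may be relabelled; a stamp that already
    # carries a real offset would be silently moved to the wrong instant.
    if zone not in ("Z", "+00:00"):
        raise ValueError(f"{stamp!r} already carries offset {zone}; not relabelling")
    micro = int((fraction[1:] + "000000")[:6])  # pad/truncate to microseconds
    local = datetime.strptime(wall, "%Y-%m-%dT%H:%M:%S").replace(
        microsecond=micro, tzinfo=parse_offset(real_offset)
    )
    return f"{wall}{fraction}{real_offset}", local.astimezone(timezone.utc)


if __name__ == "__main__":
    # Sample stamp from the message above; the -05:00 offset is its own example.
    text, instant = relabel_timestamp("2015-01-27T16:17:57Z", "-05:00")
    print(text, "->", instant.isoformat())
```

Relabelling moves the event by the full offset (five hours in the sample), which is the intended correction only when the original log really was written in that local time.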

