xx" port(5514));
>
> This used to be udp() or tcp() depending on the transport you wanted.
>
> Newer versions of syslog-ng documentation have emphasized IETF/RFC5424
> examples, but what you are looking for is the older BSD/RFC3164 formatted
> message.
>
>
>
Sure.
==below is my syslog-ng.conf file=
# cat syslog-ng.conf
@version:3.7
@include "scl.conf"
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for
configuration.
destination(d_lab_graylog);
};
On Tue, Jan 17, 2017 at 9:19 PM, Richard S. Westmoreland <
richar...@gmail.com> wrote:
> Can you paste your filter, destination and log statement for sending to
> graylog?
>
>
> On Jan 18, 2017, at 11:52 AM, Li Li wrote:
> option to keep original message, so then there will be a separate intact
> copy included. If you don't want the syslog to parse at all you could
> change to a RAW Input, but then you'd lose the indexing performance
> advantage for searching on syslog datetime and hostname.
>
> https://github.com/Graylog2/graylog-guide-syslog-linux/blob/master/README.md#syslog-ng
>
> for configuration instructions for syslog-ng.
>
> Cheers,
> Jochen
>
> On Friday, 13 January 2017 18:15:40 UTC+1, Li Li wrote:
>>
>> Hi, all,
>>
>> A portion of lo
Hi, all,
A portion of logs received from syslog-ng is missing, for example, log
entries expected are:
Jan 12 17:04:22 Lab-PA5020.lab.hsc.net.ou.edu 1,2017/01/12
17:04:21,0011C102743,TRAFFIC,start,1
But in graylog, "Jan 12 17:04:22 Lab-PA5020.lab.hsc.net.ou.edu
1,2017/01/12" is missin