Binary logs to Graylog

Hello everyone,

I would like to know if it’s possible to send binary logs to Graylog?

I’m currently trying to find a way to do it but I don’t have any idea.

I’m using FreeBSD 13-1, I want to push data from pflog0 device to my Graylog server.

Really open to any idea :)

I have not seen anything about Graylog receiving binary… Documentation suggests using tcpdump to a text file and you could have filebeat or nxlog pick up the results.

Hello,

Adding on to @tmacgbay’s statement: you can write a custom Graylog input plugin which will parse the incoming data and make sense of it.

Thank you, I saw it also but I have some questions.

Why do I need to use nxlog or filebeat if I already have the text file from tcpdump?

Is it not possible to send the text file to Graylog? Why not pick up the results with Graylog?

Thank you, but it’s not very clear how to create a custom plugin.

I don’t find it very explicit whether you create it through the web UI or on the virtual machine.

I suppose you could have tcpdump go directly to a raw input, never tried it. You would be held to process out whatever tcpdump gives you in an extractor or pipeline. If you put it to text file, nxlog/beat can do some preprocessing before sending to Graylog… depending on the number of clients and volume of data, distributing it that way may be preferable. Writing something to specifically take binary would be interesting if you are into that kind of thing…
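What the preprocessing step mentioned above could look like, as an added example that is not from any poster in this thread: a Python filter that reads `tcpdump -n -e -tt -l -i pflog0` text output, extracts the pf fields and builds GELF messages. The line format in the regex, the sample lines, the `_pf_*` field names, the host name and the use of a GELF UDP input on the Graylog side are assumptions.

```python
import json, re, socket, sys, time

# Assumed shape of one `tcpdump -n -e -tt -l -i pflog0` line (IPv4 only):
# <epoch> rule <nr>/<reason>: <action> <dir> on <if>: <src>[.port] > <dst>[.port]: ...
PFLOG_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) rule (?P<rule>\S+)/(?P<reason>\d+\([^)]*\)): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>[^:\s]+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.(?P<dport>\d+))?: ")

SAMPLE = [  # constructed lines using documentation address ranges
    "1700000000.123456 rule 3/0(match): block in on em0: "
    "203.0.113.7.51234 > 192.0.2.10.22: Flags [S], seq 1, win 65535, length 0",
    "1700000001.000001 rule 7/0(match): pass out on em0: "
    "192.0.2.10 > 198.51.100.20: ICMP echo request, id 1, seq 1, length 64",
    "1700000002.500000 rule 3/0(match): block in on em0: "
    "2001:db8::1.443 > 2001:db8::2.50000: Flags [S], length 0",  # IPv6: not parsed
]

def parse_pflog_line(line):
    """Return the pf fields of one line as a dict, or None if it does not match."""
    m = PFLOG_RE.match(line.strip())
    if not m:
        return None
    f = m.groupdict()
    f["ts"] = float(f["ts"])
    for k in ("sport", "dport"):  # absent for ICMP and other portless protocols
        f[k] = int(f[k]) if f[k] else None
    return f

def to_gelf(line, host="fw.example"):
    """Build a GELF 1.1 message; unparsed lines are kept, flagged _pf_parsed=0."""
    f = parse_pflog_line(line)
    msg = {"version": "1.1", "host": host, "short_message": line.strip(),
           "timestamp": f["ts"] if f else time.time(), "_pf_parsed": 1 if f else 0}
    for k, v in (f or {}).items():
        if k != "ts" and v is not None:
            msg["_pf_" + k] = v
    return msg

def send(msg, server):
    """Send one uncompressed GELF datagram to a Graylog GELF UDP input."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(json.dumps(msg).encode(), server)

if __name__ == "__main__":
    if len(sys.argv) == 3:  # tcpdump ... | python3 pflog2gelf.py <server> <port>
        for line in sys.stdin:
            if line.strip():
                send(to_gelf(line), (sys.argv[1], int(sys.argv[2])))
    else:                   # offline demo on the constructed sample lines
        for line in SAMPLE:
            print(json.dumps(to_gelf(line)))
```

Lines the regex does not recognise are still forwarded with `_pf_parsed` set to 0, so a search on that field shows what the parser is missing instead of dropping firewall events silently.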

Yes, I saw pflog to graylog (mail-archive.com) as well but it’s not up to date.
