Can i divide log file for each server?

ugur.aaygun · December 12, 2022, 7:04pm

Hi all

I have a question about logging in graylog

I want to create multiple server which will send logs to graylog but i want to graylog to store them with different names is it possible ?

I mean i know that i can see them in dashboard but i want to save as a different log file in graylog server side.

Thank for your answers.

gsmith · December 12, 2022, 10:40pm

Hello @ugur.aaygun && Welcome

This is possible in many ways. Pipeline comes to mind pr perhaps Beats loog shipper can place a tag on it.

When you stated

different log file

are to asking the “Type” of log"?

ugur.aaygun · December 13, 2022, 6:46am

Thank you for your fast reply i hope you are good

Actually when i say different log file i meant different name. Like for example i have 2 server ( lets say 10.0.0.1 and 10.0.0.2) which are sending logs to graylog. As far as i understood graylog stores them in a one log file. Can i see them as like 10.0.0.1.log and 10.0.0.2.log etc.

I can write a script to seperate them i assume but if there is an easy way i would like to use it

Thank you again for your answers.

ugur.aaygun · December 13, 2022, 8:33am

To make it more understandable i want to create multi tanent logging so that i am asking to seperate log files

ihe · December 13, 2022, 9:14am

Hi @ugur.aaygun
Please have a look in the Documentation:
Streams will give you the possibility to seperate logs on a logic level.
If you want to store your logs with different data-retention you will need to look at Index Sets.

tmacgbay · December 13, 2022, 7:37pm

If you were to create a separate physical index for each customer, like @gsmith said you can user the log shipper you are using (Beats/NXLog) to add a tag field to help with sorting, something like customer_tag:Agent_Smith_Services. Then create a stream/pipeline that catches those logs from their Input(s) and have a rule for each customer with something like:

rule "Log routing - Agent_Smith"
when

   $message.customer_tag == "Agent_Smith_Services"
   
then

   route_to_stream("Agent Smith Stream");
   
end

Then have the “catching” stream Agent Smith Stream that points/ends to the Agent_Smith_Index

ugur.aaygun · December 14, 2022, 6:06am

Thank you guys i think kind of i understood.

Great community great project thank you guys

gsmith · December 14, 2022, 6:08am

hey,
Awesome were glad to help

Need to ask just a quick question can join us on Discord,

system · December 28, 2022, 6:08am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How can i get seprate log of different server Graylog Central (peer support)	2	339	July 9, 2018
I want to separate logs Graylog Central (peer support)	3	633	March 8, 2017
Send logs to many indexes Graylog Central (peer support)	2	2167	December 15, 2017
Central Graylog Server Graylog Central (peer support)	2	348	December 4, 2019
Multiple Stages (DEV, QA and PROD) -> Best setup? Graylog Central (peer support)	8	949	February 25, 2021

Can i divide log file for each server?

Related Topics