Can i divide log file for each server?

ugur.aaygun · December 12, 2022, 7:04pm

Hi all

I have a question about logging in graylog

I want to create multiple server which will send logs to graylog but i want to graylog to store them with different names is it possible ?

I mean i know that i can see them in dashboard but i want to save as a different log file in graylog server side.

Thank for your answers.

gsmith · December 12, 2022, 10:40pm

Hello @ugur.aaygun && Welcome

This is possible in many ways. Pipeline comes to mind pr perhaps Beats loog shipper can place a tag on it.

When you stated

different log file

are to asking the “Type” of log"?

ugur.aaygun · December 13, 2022, 6:46am

Thank you for your fast reply i hope you are good

Actually when i say different log file i meant different name. Like for example i have 2 server ( lets say 10.0.0.1 and 10.0.0.2) which are sending logs to graylog. As far as i understood graylog stores them in a one log file. Can i see them as like 10.0.0.1.log and 10.0.0.2.log etc.

I can write a script to seperate them i assume but if there is an easy way i would like to use it

Thank you again for your answers.

ugur.aaygun · December 13, 2022, 8:33am

To make it more understandable i want to create multi tanent logging so that i am asking to seperate log files

ihe · December 13, 2022, 9:14am

Hi @ugur.aaygun
Please have a look in the Documentation:
Streams will give you the possibility to seperate logs on a logic level.
If you want to store your logs with different data-retention you will need to look at Index Sets.

tmacgbay · December 13, 2022, 7:37pm

If you were to create a separate physical index for each customer, like @gsmith said you can user the log shipper you are using (Beats/NXLog) to add a tag field to help with sorting, something like customer_tag:Agent_Smith_Services. Then create a stream/pipeline that catches those logs from their Input(s) and have a rule for each customer with something like:

rule "Log routing - Agent_Smith"
when

   $message.customer_tag == "Agent_Smith_Services"
   
then

   route_to_stream("Agent Smith Stream");
   
end

Then have the “catching” stream Agent Smith Stream that points/ends to the Agent_Smith_Index

ugur.aaygun · December 14, 2022, 6:06am

Thank you guys i think kind of i understood.

Great community great project thank you guys

gsmith · December 14, 2022, 6:08am

hey,
Awesome were glad to help

Need to ask just a quick question can join us on Discord,

system · December 28, 2022, 6:08am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Using sidecar to read in multiple logs from one server but keeping them separate Graylog Central (peer support) sidecar	6	1211	May 9, 2022
How can i get seprate log of different server Graylog Central (peer support)	2	365	July 9, 2018
Multi Server send logs to graylog Graylog Central (peer support)	6	806	November 9, 2020
Guidance for inputs from multiple servers Graylog Central (peer support) pipeline-rules , sidecar , filebeat-windows , winlogbeat , basic-configuration	6	2472	January 6, 2020
Send single server logs to multiple Graylog Graylog Central (peer support) sidecar	4	1009	July 15, 2020

Can i divide log file for each server?

Related topics