First, I want to thank you for all the answers, and apologies for my English.
I have 2 servers: 1 is the Graylog server and the other is FreePBX, which has its log file located at: /var/log/asterisk/abc.log
I have configured logging for my Asterisk as follows: http://www.asteriskdocs.org/en/3rd_Edition/asterisk-book-html-chunk/Monitoring_id264504.html.
Next, I am trying to configure rsyslog by replacing the default files in rsyslog with the file location of Asterisk as follows (I am not sure if it’s right or not; if not, please give me some advice):
Thank you @Mexonizator for the reply.
Sorry for the missing information, but I have configured the address: my Graylog server port in rsyslog of FreePBX. I consider it possible because it didn’t catch the messages from the directory path I configured in rsyslog as follows: /var/log/asterisk/…log ?? I don’t understand why and I’m stuck there
It would be better to have an error than to have no error but not run
In that case I’d check if the syslog logs from FreePBX can reach Graylog at all. One of the simple ways is using the logger utility.
logger -n graylog-address -P 5514 'Message'
Launch that command from the PBX machine. If the message shows in Graylog, then there’s no problem with the network. In addition I’d check if the ports in the PBX config and the Graylog input match.
Yes, it will show in my Graylog if I don’t change the default file location in my rsyslog.conf. And the errors continue when I change it. I’m not sure Graylog catches the files I want to display; it’s configured in rsyslog.
Do you have any ideas about configuring the location of files that I want Graylog to catch?
Let’s revise the setup for clarity’s sake. You have two machines: FreePBX and Graylog, right? Right. On PBX there’s a syslog which receives the logs from it and stores them in local files (the first screenshot).
All you need to do then is just to tell the Syslog which files you want to deliver. So, there are three steps for that.
1. Read the documentation of PBX and understand what type of events it sends to the local Syslog;
2. Read the documentation of Syslog and understand what facilities and levels are, and what syntax is used;
3. Define the types of logs you need in Syslog so as to have them delivered to Graylog.
For example. If you wanted to send SSH logs to Graylog, you’d use that line:
authpriv.* @graylog-address
Or
authpriv.*;mail.*;cron.* @graylog-address
If there were several types of logs that you’d want to send.
As you can see, the word before the dot means the type of event, the asterisk (*) after it is the level (severity) of it. In that case, any.
By the way, it seems that in your config on the first screenshot you would have four identical files, as *.* means all types of events with any level of severity.
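
The selector syntax described in the reply above, as an added example that is not part of the original posts: a simplified Python model of how "facility.level" selectors pick messages, useful for checking which rules would forward a given event. The rules and the example-*.log file names are constructed for illustration, and the "!" negation form is not modelled.

```python
# Added example: simplified model of syslog selectors ("facility.level").
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def selector_matches(selector, facility, severity):
    """True if a message with this facility and severity is selected.

    Handles ';'-separated parts (left to right), ','-separated facilities,
    '*' wildcards, 'none', 'level' (that level or more severe) and '=level'
    (exactly that level). '!' negation is not modelled.
    """
    if facility not in FACILITIES or severity not in SEVERITIES:
        raise ValueError("unknown facility or severity")
    sev = SEVERITIES.index(severity)  # 0 is the most severe
    selected = False
    for part in selector.split(";"):
        facs, _, level = part.strip().rpartition(".")
        names = [name.strip() for name in facs.split(",")]
        if "*" not in names and facility not in names:
            continue  # this part says nothing about our facility
        if level == "none":
            selected = False
        elif level == "*":
            selected = True
        elif level.startswith("="):
            selected = selected or sev == SEVERITIES.index(level[1:])
        else:
            selected = selected or sev <= SEVERITIES.index(level)
    return selected


def destinations(rules, facility, severity):
    """Every action whose selector matches; each rule is checked in turn."""
    return [action for sel, action in rules if selector_matches(sel, facility, severity)]


# Constructed rules for illustration, not the poster's actual rsyslog.conf.
RULES = [
    ("authpriv.*;mail.*;cron.*", "@graylog-address"),
    ("*.*", "/var/log/example-a.log"),
    ("*.*", "/var/log/example-b.log"),
    ("*.info;mail.none;authpriv.none", "/var/log/example-c.log"),
]

if __name__ == "__main__":
    for fac, sev in [("authpriv", "info"), ("mail", "err"), ("local0", "debug")]:
        print(f"{fac}.{sev} ->", destinations(RULES, fac, sev))
```

The two *.* rules receive every message, so their files end up identical, while a message on a facility that no forwarding selector names never reaches the remote action.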