Client log location

Description of your problem

How do I set in a Linux client in the rsyslog.conf to gather logs from another location that is not present in the syslog location?

Description of steps you’ve taken to attempt to solve the issue

Environmental information

Operating system information

  • RHEL
  • CentOS
  • Ubuntu
  • Debian
  • Containers (e.g., Docker, Kubernetes, etc.)
  • FreeBSD
  • Windows
  • Other (e.g., using config management like Chef, Puppet, Ansible or Salt to deploy Graylog)

Package versions

  • Graylog
  • MongoDB
  • Elasticsearch
  • Service logs, configuration, and environment variables
  • See the docs site for all file locations

NOTE: For all container-based deployments, please include your full, redacted YAML configuration file

NOTE: When posting log output or code snippets (e.g., JSON, YAML, etc.), please surround your code with three backticks like so:

```
 Your code goes here
```

For longer code or configuration bits, please enclose your snippet in a summary block like this:

Summary of your code snippet or config here
Your code goes inside the triple backticks

@tor hi there, can you please edit your post to provide the information the community needs to help you out?

How do I do that? I can't even edit the ticket. I have stated my problem in the ticket.

Currently in /etc/rsyslog.d/ I have a syslog.conf file which sends logs to Graylog.

The entry in the file is `*.* @@graylog server ip:10514;RSYSLOG_SyslogProtocol23Format`

I would like log entries from another location sent to Graylog as well as the syslog.

I am on CentOS.

Hello

If you use the same settings as the first node you can use those settings on the second node with the same port, if you wish.

On a second note… @aaronsachs is referring to this Format topics with Markdown

Also he was referring to this with the red box around it.

Also, this would have helped. If you are having a hard time editing your post, you could have used a text file prior to posting your issue. Once done, just copy & paste here.
Example:

Description of your problem
Elasticsearch is broken after an upgrade

Description of steps you’ve taken to attempt to solve the issue
Rebooted system
Search log files for elasticsearch and Graylog

Environmental information
Operating system information
Ubuntu 20.0.1

Package versions
Graylog 4.1.0
MongoDB 4.4.0
Elasticsearch 7.10

Hi gsmith,

Thanks for your reply. On previous tickets I have opened I have just added text. This time I wanted to see what the templates showed really. Next time I'll keep in mind the layout.

Regarding my post. The logs are coming from the same server but located at a different path on the system. How would I add that to the system? Can you give me an example?

Or would I declare the path in the main /etc/rsyslog.conf file rather than in /etc/rsyslog.d/rsyslog-graylog.conf?

So I got a log file that is not in /var/log but in a different location. How do I get this log info in the file to graylog?

It is hard to troubleshoot your issue. Showing full configurations and/or screenshots would be appreciated.

So there is nothing to troubleshoot. I have a log file not located in the standard /var/log/syslog area; the log file is generated by an in-house developed script. I just want to send the data in that log file to the Graylog server.

This would apply to any log file in any location on the server. How do I send these logs to Graylog? How does Graylog know that I have a log file generated by a different application to send to it other than syslog?

Also, I want the rsyslog service to take care of the log.

Hello

Might want to read this.

https://docs.graylog.org/en/4.1/pages/sending_data.html

And this

https://docs.graylog.org/en/4.1/pages/sidecar.html

Graylog does not know. It can only receive logs.
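
An added example, not part of the original thread or of the Graylog documentation: one way to have rsyslog itself read a log file outside /var/log and forward it over the same TCP port and template as the existing rule, using rsyslog's imfile input module. The file name, log path, tag, facility, ruleset name and server name are placeholders, and the disk queue assumes a work directory is already set in the main rsyslog.conf.

```conf
# /etc/rsyslog.d/30-myapp-graylog.conf   (hypothetical file name)
# Constructed example: path, tag, facility, ruleset and host are placeholders.

# Load the file-input module once per rsyslog instance.
module(load="imfile")

# Dedicated ruleset: lines read from the file are only forwarded, so they
# are not also written to the local files by the default rules.
ruleset(name="to_graylog") {
    action(
        type="omfwd"
        target="graylog.example.org"      # placeholder for the Graylog server
        port="10514"                      # same port as the existing rule
        protocol="tcp"                    # "@@" in the legacy syntax means TCP
        template="RSYSLOG_SyslogProtocol23Format"
        # Spool to disk while Graylog is unreachable instead of dropping lines.
        queue.type="LinkedList"
        queue.filename="myapp_fwd"
        queue.maxDiskSpace="100m"
        queue.saveOnShutdown="on"
        action.resumeRetryCount="-1"
    )
}

# Tail the application log that lives outside /var/log.
input(
    type="imfile"
    file="/opt/myapp/logs/myapp.log"      # placeholder path
    tag="myapp:"                          # syslog tag attached to each line
    severity="info"
    facility="local6"
    ruleset="to_graylog"
)
```

Check the syntax with `rsyslogd -N1` before restarting the service. The rsyslog process must be able to read the file, so on CentOS with SELinux enforcing, look for denials in the audit log if nothing arrives.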

Thank you gsmith I’ll have a read.
