KPS
(KPS)
#1
Hi!
I am trying to collect VMWare-Logs with graylog 4.2.5
→ Created TCP-Syslog-Input
→ Tried Content-Pack from marketplace:
But: There is still a lot open.
According to Multiline/Fragmented Rsyslog Events - #5 by frantz - VMWare is sending multi-line-logs which are not handled, currently. So, there are logs, that do only contain: “–>”.
The dashboard of the contant-pack is empty, too.
Are you sending VMWare-logs to graylog? What is your concept? Do you need Logstash as “proxy”, or what are you using?
Thank you and best wishes.
KPS
KPS
(KPS)
#2
One update: Syslog-Input is discarding most of the vmware-logs. RAW-input is able to show a lot more…
gsmith
(GSmith)
#3
Hello,
You may want to look at this for multiline logs.
I also found these …
Last thing I did find was under Collectors
I hope all this information will help.
system
(system)
Closed
#4
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
