The more preprocessing your applications can do the better. Ideally use JSON or GELF and structured logging.
Check the Graylog Marketplace for existing GELF appenders for your logging frameworks:
Yes, but that’s bad practice. Use the proper syslog message template in rsyslog and you’ll be much happier (and the syslog messages will contain a proper timestamp):
There’s a difference in the message timestamp and the time the message was received by Graylog. You usually want to have a proper (and correct) message timestamp, ideally ISO 8601 with date and time in UTC.
