Graylog log ingestion from file path and not from port listening

spandey · April 19, 2022, 5:15am

I need a suggestion to address this use-case of log-ingestion from specific file path from syslog VM.
So right now all the logs come to syslog VM.
I have installed graylog server on syslog VM itself.

The logs are saved in ‘/import/syslog/messages’.

What is the best way to ingest this in the Graylog?
I have read about Graylog-sidecar and Filebeat but is there any simple way to implement this?

gsmith · April 20, 2022, 11:16pm

Hello

What you can use in order.

Graylog-side car /w FileBeat or NXlog ( preferred)
Single install Nxlog ( easy ,light weight)
Single install FileBeat
Rsyslog

Any log shipper you will have to configure to grab those log files.

Example of what needs to be added to the log shipper configuration file.

FileBeat

filebeat.inputs:
- input_type: log
  paths:
    - /import/syslog/messages
  type: log

Nxlog

<Input in>
    Module       im_file
    FILE         "/import/syslog/messages"
    SavePos       TRUE
    ReadFromLast  TRUE
    PollInterval  1
    Exec  $Message = $raw_event;
 </Input>

Hope that helps

system · May 4, 2022, 11:16pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Best way in graylog Graylog Central (peer support)	5	738	September 16, 2021
Best practice in ingesting logs Graylog Tech Challenges pipeline-rules , route-to-streampl	5	2930	July 27, 2021
How to forward syslog messages stored on NFS location to graylog Graylog Central (peer support)	5	1411	September 23, 2017
How to save all incoming syslog to Graylog-server Graylog Central (peer support)	12	9638	October 12, 2017
To ingest the log file generated by Graylog Graylog Central (peer support) alert	6	408	May 3, 2023

Graylog log ingestion from file path and not from port listening

Related Topics