Graylog log ingestion from file path and not from port listening

spandey · April 19, 2022, 5:15am

I need a suggestion to address this use-case of log-ingestion from specific file path from syslog VM.
So right now all the logs come to syslog VM.
I have installed graylog server on syslog VM itself.

The logs are saved in ‘/import/syslog/messages’.

What is the best way to ingest this in the Graylog?
I have read about Graylog-sidecar and Filebeat but is there any simple way to implement this?

gsmith · April 20, 2022, 11:16pm

Hello

What you can use in order.

Graylog-side car /w FileBeat or NXlog ( preferred)
Single install Nxlog ( easy ,light weight)
Single install FileBeat
Rsyslog

Any log shipper you will have to configure to grab those log files.

Example of what needs to be added to the log shipper configuration file.

FileBeat

filebeat.inputs:
- input_type: log
  paths:
    - /import/syslog/messages
  type: log

Nxlog

<Input in>
    Module       im_file
    FILE         "/import/syslog/messages"
    SavePos       TRUE
    ReadFromLast  TRUE
    PollInterval  1
    Exec  $Message = $raw_event;
 </Input>

Hope that helps

system · May 4, 2022, 11:16pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.