Hi,
So I configured syslog to send my iptables logs directly to Graylog’s syslog. It seems that everything is working fine. I only wonder - must the Graylog server recognize the syslog format somehow and dissect messages into some fields? What I can see now - only the full message.
What input are you using in graylog? UDP or TCP Syslog?
Are you asking about how graylog can parse or process the message content in the syslog message?
Syslog is a limited format that only supports a limited number of fields, such as datetime, hostname, syslog level, and message.
This blog article is a good starting point for using graylog to parse the log message and extract fields: https://graylog.org/post/graylog-parsing-rules-and-ai-oh-my/
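As an added illustration of the two layers described above (example code written for this edit, not code from the Graylog project, the linked article, or anyone in this thread): a Graylog syslog input only gets the header fields syslog itself defines (priority, i.e. facility and severity, timestamp, hostname, application), while everything the kernel put after the tag stays one opaque `message`. Splitting that message into `src`, `dst`, `proto`, `dpt` and so on is exactly the extraction step a pipeline rule or extractor would do. The Python below does both layers standalone so you can see what each one yields. The sample lines are constructed for the example, not captured from a real firewall, and the `IPT-DROP:` / `IPT-ACCEPT:` prefixes are hypothetical `--log-prefix` values.

```python
import re
from typing import Any, Dict, Optional

# Constructed sample lines (not from a real host): RFC 3164 style syslog
# records carrying iptables LOG-target output from the kernel. The
# "IPT-DROP:" / "IPT-ACCEPT:" prefixes stand in for whatever --log-prefix
# the firewall rules use.
SAMPLE_LINES = [
    "<4>Mar  3 10:15:42 fw01 kernel: [12345.678901] IPT-DROP: IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 "
    "DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP "
    "SPT=51234 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0",
    "<6>Mar  3 10:15:43 fw01 kernel: [12346.000001] IPT-ACCEPT: IN=eth1 "
    "OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=84 TOS=0x00 PREC=0x00 "
    "TTL=63 ID=41213 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1",
]

# Layer 1: the fields syslog itself carries (what a syslog input extracts).
SYSLOG_HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"                                   # <PRI>
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "  # RFC 3164 time
    r"(?P<hostname>\S+) "
    r"(?P<app>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?:\s"            # TAG[pid]:
    r"(?P<message>.*)$"
)
SEVERITIES = "emerg alert crit err warning notice info debug".split()
FACILITIES = (
    "kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
    "ntp security console solaris-cron local0 local1 local2 local3 local4 "
    "local5 local6 local7"
).split()


def parse_syslog(line: str) -> Dict[str, Any]:
    """Split an RFC 3164 line into the header fields syslog defines."""
    m = SYSLOG_HEADER_RE.match(line)
    if not m:
        raise ValueError("not an RFC 3164 syslog line: %r" % line)
    pri = int(m["pri"])
    if pri > 191:                      # 24 facilities * 8 severities - 1
        raise ValueError("PRI out of range: %d" % pri)
    fields: Dict[str, Any] = {
        "facility": FACILITIES[pri // 8],
        "severity": SEVERITIES[pri % 8],
        "timestamp": m["timestamp"],
        "hostname": m["hostname"],
        "application": m["app"],
        "message": m["message"],       # everything after the tag, unparsed
    }
    if m["pid"]:
        fields["pid"] = int(m["pid"])
    return fields


# Layer 2: the key=value body the kernel LOG target writes into the message.
UPTIME_RE = re.compile(r"^\[\s*(\d+\.\d+)\]\s*")


def parse_iptables(message: str) -> Optional[Dict[str, Any]]:
    """Extract iptables LOG fields; None if the message is not one."""
    fields: Dict[str, Any] = {}
    um = UPTIME_RE.match(message)
    if um:                             # "[12345.678901]" from printk timestamps
        fields["kernel_uptime"] = float(um.group(1))
        message = message[um.end():]
    idx = message.find("IN=")          # every LOG line starts its k=v run here
    if idx < 0:
        return None
    prefix = message[:idx].strip()     # the rule's --log-prefix, if any
    if prefix:
        fields["log_prefix"] = prefix
    for token in message[idx:].split():
        if "=" not in token:           # bare flags such as DF, SYN, ACK
            fields.setdefault("flags", []).append(token)
            continue
        k, v = token.split("=", 1)
        key = k.lower()
        n = 2
        while key in fields:           # ID= appears twice for ICMP (IP id, echo id)
            key = "%s_%d" % (k.lower(), n)
            n += 1
        fields[key] = int(v) if v.isdigit() else v   # OUT= stays "" (empty)
    return fields


def parse_line(line: str) -> Dict[str, Any]:
    """Header fields plus, when present, the extracted iptables fields."""
    fields = parse_syslog(line)
    ipt = parse_iptables(fields["message"])
    if ipt:
        fields.update(ipt)
    return fields


if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        for k, v in parse_line(raw).items():
            print("%-14s %s" % (k, v))
        print()
```

Note the two things a one-size-fits-all regex would miss and that a Graylog rule needs to handle too: tokens without a value (`DF`, `SYN`) that are flags rather than pairs, and keys that repeat (`ID=` once for the IP header and again for an ICMP echo). Values are lower-cased into field names so they line up with the `src`, `dst`, `dpt` style names you would query on later.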