How do I configure rsyslog to send logs from a specific program to a remote syslog server?

Hi everyone,

When I try to configure rsyslog to send the logs from my Tomcat, what arrives at the destination is not readable.

How do I configure rsyslog to send logs from a specific program to a remote syslog server?

What I read from the log is not what reaches Graylog. Why?

How can I configure it so that the same thing I see in the logs arrives? I should see the same thing in Graylog, but it is not like that, and I do not know why.

On the server:

$ModLoad imfile
$InputFilePollInterval 10
$PrivDropToGroup tomcatcomunes
$InputFileName /app.log
$InputFileTag APP
$InputFileStateFile Stat-APP
$InputFileSeverity app
$InputFileFacility local7
$InputFilePersistStateInterval 1000

For example, this is the message that comes to Graylog:
action ‘action 29’ suspended, next retry is Fri Sep 11 11:55:31 2020 [v8.24.0 try

Regards and thanks,
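
An added example, not part of the original thread: the imfile settings from the post rewritten in rsyslog's RainerScript syntax, with an explicit TCP forwarding action bound to the file input so that only lines from that file are shipped. The target host `graylog.example.internal`, port `1514`, the ruleset and queue names, and the `info` severity (the posted `app` is not a syslog severity name) are assumptions; the Graylog side needs a matching Syslog TCP input.

```rsyslog
# /etc/rsyslog.d/app-forward.conf  (file name is an assumption)

# Load the file-monitoring module; polling every 10 s as in the post.
module(load="imfile" mode="polling" PollingInterval="10")

# Watch the application log and hand its lines to a dedicated ruleset,
# so they do not pass through the default rules.
input(type="imfile"
      File="/app.log"
      Tag="APP"
      Severity="info"               # assumption: a valid syslog severity
      Facility="local7"
      PersistStateInterval="1000"
      ruleset="fwd_app")

# Forward only these lines to the remote collector.
ruleset(name="fwd_app") {
    action(type="omfwd"
           Target="graylog.example.internal"   # placeholder host
           Port="1514"                         # placeholder port
           Protocol="tcp"
           Template="RSYSLOG_SyslogProtocol23Format"
           # Buffer to disk while the collector is unreachable instead of
           # dropping messages when the action is suspended.
           queue.type="LinkedList"
           queue.filename="fwd_app_queue"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
}
```

Running `rsyslogd -N1` checks the configuration syntax before the service is restarted.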

I do lots of flat logfile ingestion in Graylog, but I usually set up a sidecar and use filebeat for that.
Basically I install the sidecar and connect it to a graylog server, then make a sidecar config in the webUI, then I assign that sidecar config to the endpoint in sidecar administration.

Here’s an example of a sidecar configuration pulling a bunch of flat files:

I annotated where the input files and output graylog/logstash server are declared in the config.
The benefit of this setup, to me, is that I can add more logs to the extraction config from the webUI and not need to SSH into or touch the log origin host.

You could probably get away with something similar, by changing the path of the input files to match the log files which you want to ship.

I hope that this is helpful info… Also, this forum is pretty active so I’m sure a more experienced GL admin will be by shortly to help out further than I can.

Hope you’re having a good week.



I used rsyslog on my CentOS server but found it's limited, so I started using NXlog now; other people use something similar.
You might find something in here that would help you out.