How graylog differentiate logs from various servers

I have a query. I have configured a graylog server and created one input. did rsyslog configuration in one client machine. after that whenever i am clicking on “show Received messages” button in GUI, i am getting histogram and messages. What my doubt is, suppose we have 100 servers on our organization, how will the graylog server differentiate the logs from various servers.? How can we identify logs from various servers? if one login attempt failed in a particular server, then does it shows in graylog GUI? Please send me any documents to understand more about these kind of doubts. Thanks in advance

That depends on various factors, but many logging protocols and formats support adding information about the client the particular log messages originated from.

In Graylog, this information in usually stored in the “source” message field (also see the Sources page in the web interface).

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.