How to add multiple host and IP in stream rule

deepakkumardubey · May 27, 2021, 9:22am

Hello Friends,

As I am getting requests from multiple host machines, how to create stream rule so that all messages can get on a single port.

shoothub · May 27, 2021, 11:09am

Create more stream rules with condition any match (not all match).

deepakkumardubey · May 27, 2021, 1:33pm

I am not able to send my log message from fluentbit to Graylog. I am using gelf setting. I have used same settings for another clients those are working . But some clients are not working.

shoothub · May 27, 2021, 1:54pm

Check graylog server log file for any errors, maybe your gelf is not complaint.
sudo tail -f /var/log/graylog-server/server.log

deepakkumardubey · May 27, 2021, 2:41pm

Request is not reaching to Graylog. I can see in the logs for other clients IP, it’s showing but some it’s not.

I have compared both configuration no difference.

shoothub · May 28, 2021, 5:29am

Maybe there is a firewall, that blocks such connection, please check…

If you use GELP HTTP input try to send example message using curl:
curl -XPOST http://graylog.example.org:12202/gelf -p0 -d '{"short_message":"Hello there", "host":"example.org", "facility":"test", "_foo":"bar"}'

If you use GELF UDP input try to send example message using nc:
echo -n '{ "version": "1.1", "host": "example.org", "short_message": "A short message", "level": 5, "_some_info": "foo" }' | nc -w0 -u graylog.example.com 12201

If you use GELP TCP input try to send example message using nc:
echo -n -e '{ "version": "1.1", "host": "example.org", "short_message": "A short message", "level": 5, "_some_info": "foo" }'"\0" | nc -w0 graylog.example.com 12201

deepakkumardubey · June 1, 2021, 4:18am

Hi Shootub,

I have used below command as we are using GELF TCP.
If you use GELP TCP input try to send example message using nc:
echo -n -e '{ "version": "1.1", "host": "example.org", "short_message": "A short message", "level": 5, "_some_info": "foo" }'"\0" | nc -w0 10.24.11.23 12201

But we are getting below error.

Ncat: Invalid -w timeout (must be greater than 0). QUITTING.

Then i replaced | nc -w0 with | nc -w1 and executed below command.

echo -n -e ‘{ “version”: “1.1”, “host”: “example.org”, “short_message”: “A short message”, “level”: 5, “_some_info”: “foo” }’"\0" | nc -w1 10.24.11.23 12201

Above command not showing me any error but i can’t see any message in Graylog UI and logs.

shoothub · June 1, 2021, 8:17am

Yes, you are right, w0 is parameter for older version of nc.

It should definitely work. If not, try to check if something not block this connection, like firewall. Try to telnet to port, to check if your connection in not blocked:
telnet 10.24.11.23 12201

If not works, try to create new test Gelf TCP input with different port, and try it.

system · June 15, 2021, 8:18am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Two GELF udp inputs for two different apps on one graylog docker implementation Graylog Central (peer support) pipeline-rules , route-to-streampl	3	1144	November 20, 2019
Daily Challenge: Fail to transfer only ERROR and WARN log using fluentbit Loglevel Graylog Central (peer support)	3	395	June 23, 2021
FluentBit to Graylog: input validation on Graylogs end Graylog Tech Challenges	4	1789	July 13, 2021
FluentD: cannot send logs to UDP port of GrayLog (only TCP) Graylog Central (peer support)	2	1221	January 1, 2021
GELF message ERROR in server.log Graylog Tech Challenges	6	1984	July 27, 2021

How to add multiple host and IP in stream rule

Related Topics