How to pull logs rather than push from remote Linux system

(Alastair Neil) #1

Hi, I'm relatively new to Graylog. I have a use case that requires capturing logs from a Linux server that is unable to see the Graylog server for security reasons. The Graylog server will be able to see the remote server. So I was wondering if there was any way to pull logs from the server rather than have them sent?

Thanks, Alastair

(Jan Doberstein) #2

Graylog does not provide that feature - but I can think of several ways you are able to solve that.

Use a queue (Kafka, RabbitMQ or Redis) to push the data from the secured host to, and read that queue from Graylog.

Depending on the surrounding architecture and the given security policies, other options might be available.

(Alastair Neil) #3

Thanks for the suggestion. I have done some research and it seems like I can configure rsyslog to send everything to a pipe using the ompipe module. Then the pipe can be read remotely using ncat. Is there a collector that would just accept a pipe?

(Jan Doberstein) #4

Hey @ajneil, you can just push via netcat to a RAW/Plaintext Input of Graylog (for example).
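
One way to carry out the plan from posts #3 and #4, as an added example that is not part of the original thread: a relay run on the Graylog side that reads the rsyslog FIFO over SSH (swapped in here for ncat so the read is authenticated and encrypted) and forwards each line to a Raw/Plaintext TCP input. The account, host names, port 5555 and FIFO path are assumptions.

```python
"""Graylog-side pull relay (added example; hosts, port and FIFO path are assumptions).

Assumed rsyslog action on the secured host, writing to a FIFO made with mkfifo:
    action(type="ompipe" Pipe="/var/run/graylog.fifo")
"""
import socket
import subprocess

MAX_LINE = 8192  # assumed cap so one runaway line cannot flood the input


def clean_lines(stream):
    """Yield non-empty log lines from a binary stream, stripped and length-capped."""
    for raw in stream:
        line = raw.rstrip(b"\r\n")
        if line:
            yield line[:MAX_LINE]


def forward(stream, host, port):
    """Send each line, newline-delimited, to a Raw/Plaintext TCP input; return the count."""
    sent = 0
    with socket.create_connection((host, port), timeout=10) as sock:
        for line in clean_lines(stream):
            sock.sendall(line + b"\n")
            sent += 1
    return sent


def pull_over_ssh(target, fifo_path):
    """Open the FIFO on the secured host; the connection starts from the Graylog side."""
    # BatchMode: key authentication only, never prompt; -T: no terminal needed.
    return subprocess.Popen(
        ["ssh", "-T", "-o", "BatchMode=yes", target, "cat", fifo_path],
        stdout=subprocess.PIPE,
    )


if __name__ == "__main__":
    # Placeholder account, host and port: replace with your own.
    reader = pull_over_ssh("logpull@secured-host.example", "/var/run/graylog.fifo")
    try:
        count = forward(reader.stdout, "127.0.0.1", 5555)
        print(f"forwarded {count} lines")
    finally:
        reader.terminate()
```

The secured host only accepts an inbound SSH session and never opens a connection toward Graylog, which matches the constraint in post #1.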

(Alastair Neil) #5

Great, sounds like I have a plan.
