1. Describe your incident:
I’m wanting to use GELF HTTP to submit JSON messages to Graylog. I am running 6.1. I have added the GELF HTTP input and configured it with TLS and Authorization Header Name with Authorization Header Value.
If I use CURL to send a message, with the wrong Authorization Header Value, the HTTP response is 401 as expected but it still logs that message in Graylog.
Example curl command returns 202 ACCEPTED, but if I add an extra letter to the Authorization it’ll say 401 Unauthorized but still commit the message:
curl -X POST https://hostname:12201/gelf \
-H "Content-Type: application/json" \
-H "Authorization: MySecretToken12345" \
-d '{
"version": "1.1",
"host": "myhost",
"message": "did a thing a",
"timestamp": '"$(date +%s)"',
"level": 1
}' -v
Also if I tick Enable Bulk Receiving, no messages get logged.
Example CURL, neither of these work but both return 202 ACCEPTED
curl -X POST https://localhost:12201/gelf \
-H "Content-Type: application/json" \
-H "Authorization: MySecretToken12345" \
-d '{
"version": "1.1",
"host": "myhost",
"message": "did a thing c",
"timestamp": '"$(date +%s)"',
"level": 1
}\n{
"version": "1.1",
"host": "myhost",
"message": "did a thing d",
"timestamp": '"$(date +%s)"',
"level": 1
}' -v
curl -X POST https://localhost:12201/gelf \
-H "Content-Type: application/json" \
-H "Authorization: MySecretToken12345" \
-d '{
"version": "1.1",
"host": "myhost",
"message": "did a thing e",
"timestamp": '"$(date +%s)"',
"level": 1
}' -v
2. Describe your environment:
- OS Information: Debian 12
- Package Version: Docker setup so running
  graylog/graylog:6.1 (Graylog 6.1.5+e3ae3ce on graylog-server (Eclipse Adoptium 17.0.13 on Linux 6.1.0-28-amd64))
  graylog-datanode:6.1 (6.1.5+e3ae3ce)
  mongo:5.0
- Service logs, configurations, and environment variables:
Only just installed as a default installation, only added the GELF INPUT, no extractors or custom streams etc. Wanted to get INPUT working before I continue to customise.
3. What steps have you already taken to try and solve the problem?
Tried different values, with no success. Also double checked the TLS certificate I set is working as expected, in case that was the issue.
Stopped and Started the INPUT.
4. How can the community help?
I would like to know why auth is not working, so where I’m going wrong and why when bulk is enabled, I can’t send single messages as well.
If GELF is not supporting bulk messages with CURL, that’s not a problem. I’m only using it for testing currently, then looking to use GitHub - kkamkou/node-gelf-pro: Graylog2 client library for Node.js
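An added example, not part of the original post and not Graylog's code: a stand-in receiver and a probe that check the property the post expects, namely that a request answered with 401 leaves no stored message. `GelfHandler`, `start_receiver`, `probe` and `STORED` are hypothetical names, and plain HTTP on loopback stands in for the TLS input.

```python
import hmac, json, threading, time, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

HEADER, TOKEN = "Authorization", "MySecretToken12345"  # values from the post
STORED = []  # hypothetical stand-in for the message store

class GelfHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        supplied = self.headers.get(HEADER, "")
        # Decide on authorization before anything reaches the store.
        if not hmac.compare_digest(supplied.encode(), TOKEN.encode()):
            self.send_response(401)
            self.end_headers()
            return
        STORED.append(json.loads(body))
        self.send_response(202)
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass

def start_receiver():
    """Start the stand-in receiver on a free loopback port."""
    server = HTTPServer(("127.0.0.1", 0), GelfHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def probe(port, token, marker):
    """Send one message; return (HTTP status, whether it was stored)."""
    msg = {"version": "1.1", "host": "myhost", "message": marker,
           "timestamp": int(time.time()), "level": 1}
    req = urllib.request.Request(
        f"http://127.0.0.1:{port}/gelf", data=json.dumps(msg).encode(),
        headers={"Content-Type": "application/json", HEADER: token})
    try:
        status = urllib.request.urlopen(req, timeout=5).status
    except urllib.error.HTTPError as err:
        status = err.code
    return status, any(m["message"] == marker for m in STORED)

if __name__ == "__main__":
    srv = start_receiver()
    port = srv.server_address[1]
    print(probe(port, TOKEN + "x", "wrong token"))  # extra letter, as in the post
    print(probe(port, TOKEN, "right token"))
    srv.shutdown()
```

Against a real input the same check needs a unique marker per request and a search for that marker afterwards, since the HTTP status alone does not show whether the message was committed.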