Ingest pacct accounting data to Graylog 3.x

Dear all, I have to ingest accounting data from the /var/log/account/pacct file, which is a data file (not plain text), into my Graylog 3.x.

I’ve read that Syslog NG has a driver that lets pacct data files be converted into plain text files.

Is there any way to do the same with Graylog 3.x?

Thanks a lot in advance.

Hello @robertito,

Are you talking about /var/log/account/pacct on the server hosting Graylog? Graylog doesn’t ingest files locally from disk in any way that I’m aware of. We forward files from our servers hosting Graylog into Graylog using rsyslog like we would any other *nix servers. You can pre-process pacct using a cronjob and write to a plain text file which then rsyslog will forward to Graylog. That’s the way I would do it at least, being ignorant of any easier/more elegant option.

Dear Andrew, thanks for your response.

I need to receive remote /var/log/account/pacct log files, so as you say, I think I have to pre-process these files on the original servers and after that send them to the central Graylog node using rsyslog.

So now I have to see how I can convert the pacct data files into plain text files.

Regards!!!

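One way to do the pacct-to-text conversion discussed in this thread, as an added example that is not part of any poster's reply: a parser for the 64-byte `struct acct_v3` records from `<linux/acct.h>` that emits one key=value line per process. The little-endian host, version-3 records, AHZ of 100, the function names and the output line format are assumptions of this example; the sample bytes are constructed.

```python
import struct
import time

# struct acct_v3 from <linux/acct.h>: fixed 64-byte records in host byte order.
# Assumptions: little-endian host, version-3 records, AHZ = 100 ticks/second.
REC = struct.Struct("<BBHIIIIIIf8H16s")
AHZ = 100
FLAGS = ((0x01, "F"), (0x02, "S"), (0x08, "D"), (0x10, "X"))  # fork, su, core, signal


def comp_t(c):
    """Decode comp_t: 13-bit mantissa with a 3-bit base-8 exponent."""
    return (c & 0x1FFF) << (3 * (c >> 13))


def clean(raw):
    """ac_comm is set by the process itself: keep it from forging fields or lines."""
    name = raw.split(b"\0", 1)[0].decode("ascii", "replace")
    return "".join(ch if ch.isalnum() or ch in "._-+:/" else "?" for ch in name)


def to_lines(data):
    """Return one key=value line per complete record (a trailing partial one is skipped)."""
    lines = []
    for off in range(0, len(data) - REC.size + 1, REC.size):
        f = REC.unpack_from(data, off)
        if f[1] != 3:
            raise ValueError(f"offset {off}: unsupported record version {f[1]:#x}")
        flags = "".join(ch for bit, ch in FLAGS if f[0] & bit) or "-"
        start = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(f[8]))
        lines.append(
            f"pacct start={start} uid={f[4]} gid={f[5]} pid={f[6]} ppid={f[7]} "
            f"exit={f[3]} flags={flags} etime={f[9] / AHZ:.2f} "
            f"utime={comp_t(f[10]) / AHZ:.2f} stime={comp_t(f[11]) / AHZ:.2f} comm={clean(f[18])}"
        )
    return lines


def sample():
    """Constructed test data: two records plus 10 bytes of a half-written third."""
    a = REC.pack(0x02, 3, 0, 0, 0, 0, 4242, 1, 1700000000, 250.0,
                 12, 3, 0, 0, 0, 0, 0, 0, b"sshd")
    b = REC.pack(0x01, 3, 0, 0, 1000, 1000, 4243, 4242, 1700000005, 50.0,
                 (1 << 13) | 5, 0, 0, 0, 0, 0, 0, 0, b"x uid=0\nfake")
    return a + b + b[:10]


if __name__ == "__main__":
    print("\n".join(to_lines(sample())))
```

A cron job on each source server could append these lines to a plain text file that rsyslog forwards to Graylog, as suggested in the reply above.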