Hello,
i want to integrate (Logging) graylog 3.0.2 from two different applications(API and reporting system), the first application written in PHP 7, and second application written in Perl.
i found GELF library for PHP and perl, but it only supports graylog2
Is there a GELF library for graylog 3.0.2 ? or should i replace graylog3 version with graylog2
did you have a reason that you ask the same question in all available ways ( Github, IRC and this community)?
I have written the answer in my comment closing the Github issue.
Thank You for your response Jan, i will submit similar issues to graylog community only.
when i tried to log data through below code:
curl -XPOST http://127.0.0.1:12201/gelf -p0 -d ‘{“short_message”:“Hello there”, “host”:“example.org”, “facility”:“test”, “_foo”:“bar”}’
i got below message
curl: (56) Recv failure: Connection reset by peer
although i created GELF TCP input listen to 127.0.0.1:12201
please note that the graylog is installed on docker machine (http://127.0.0.1:9000)
Any advice please
you created a GELF TCP Input, but using the method to send GELF HTTP …
Just sort out the way of submitting data:
When you have a GELF TCP input, you need this: http://docs.graylog.org/en/3.0/pages/gelf.html#sending-gelf-messages-via-tcp-using-netcat
echo -n -e '{ "version": "1.1", "host": "example.org", "short_message": "A short message", "level": 5, "_some_info": "foo" }'"\0" | nc -w0 graylog.example.com 12201
i tried to execute below code(localhost), but i did not recieve any messages in graylog
echo -n -e ‘{ “version”: “1.1”, “host”: “localhost”, “short_message”: “A short message”, “level”: 5, “_some_info”: “foo” }’"\0" | nc -w0 localhost 12201
Also i tried to Run HTTP request :
curl -X POST -H ‘Content-Type: application/json’ -d ‘{ “version”: “1.1”, “host”: “127.0.0.1”, “short_message”: “A short message”, “level”: 5, “_some_info”: “foo” }’ ‘http://127.0.0.1:12201/gelf’
but i received below response
curl: (56) Recv failure: Connection reset by peer
Updae: after many tries, below http Request sucess
curl -X POST -H ‘Content-Type: application/json’ -d ‘{ “version”: “1.1”, “host”: “0.0.0.0”, “short_message”: “A short message”, “level”: 5, “_some_info”: “foo” }’ ‘http://0.0.0.0:12201/gelf’
when i made above request through graylog Gelf library(Gelf for Perl),
the connection refused, please check below request and response details,i really appreciate your help and advice
Request Details:
URL : ‘http://0.0.0.0:12201/gelf’;
Header [ ‘Content-Type’, ‘application/json’ ];
Request Details ‘{"_some_info":“foo”,“full_message”:“First Log Web”,“host”:“0.0.0.0”,“level”:5,“short_message”:“Message Web1”,“timestamp”:1564438682,“timestr”:“2019-07-29 22:18:02”,“uuid”:“XXXX”,“version”:“1.1”}’;
Response Details:
{ ‘captured_req_headers’ => undef, ‘code’ => 500,
‘headers’ => bless( { ‘content-length’ => [ 121 ],
‘x-internal-response’ => [ 1 ] },
‘Furl::Headers’ ),
‘minor_version’ => 0,
‘captured_req_content’ => undef,
‘message’ => 'Internal Response: Failed to send HTTP request: Connection refused ',
‘content’ => 'Failed to send HTTP request: Connection refused ',
‘request_src’ => { ‘headers’ => [ ‘Content-Type’, ‘application/json’ ],
‘url’ => ‘http://0.0.0.0:12201/gelf’,
‘method’ => ‘POST’,
‘content’ => ‘{"_some_info":“foo”,“full_message”:“First Log Web”,
“host”:“0.0.0.0”,“level”:5,“short_message”:“Message Web1”,“timestamp”:1564438806,
“timestr”:“2019-07-29 22:20:06”,
“uuid”:“XXXX”,“version”:“1.1”}’ } },
‘Furl::Response’ );
What kind of input did you use? (Graylog UI System > Inputs)
please google yourself what 0.0.0.0 stands for and why that isn’t working from a remote host …
for the above i used HTTP GELF, currently i create diffrent input (TCP GELF, 0.0.0.0) port 12201
below configurations for nginx config file:
server {
listen 80;
server_name graylog;
location /guacamole/ {
#snip
}
location /graylog/ {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL https://$server_name/graylog/api;
proxy_pass http://graylog:9000/;
}
location /portainer/ {
#snip
}
}
below code to docker compose file:
version: '2'
services:
nginx-proxy:
image: jwilder/nginx-proxy
container_name: nginx-proxy
ports:
- "443:443"
- "80:80"
............
# MongoDB: https://hub.docker.com/_/mongo/
mongodb:
image: mongo:3
# Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/6.6/docker.html
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.6.1
environment:
- http.host=0.0.0.0
- transport.host=localhost
- network.host=0.0.0.0
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
mem_limit: 1g
# Graylog: https://hub.docker.com/r/graylog/graylog/
graylog:
image: graylog/graylog:3.0
environment:
# CHANGE ME (must be at least 16 characters)!
- GRAYLOG_PASSWORD_SECRET=somepasswordpepper
# Password: admin
- GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
- GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/
- GRAYLOG_REST_LISTEN_URI=http://0.0.0.0:9000/graylog/api
- GRAYLOG_WEB_LISTEN_URI=http://0.0.0.0:9000/graylog
# - GRAYLOG_REST_TRANSPORT_URI=http://127.0.0.1:9000/graylog/api
- GRAYLOG_WEB_ENDPOINT_URI=http://127.0.0.1:9000/graylog/api
links:
- mongodb:mongo
- elasticsearch
depends_on:
- mongodb
- elasticsearch
ports:
# Graylog web interface and REST API
- 9000:9000
# Syslog TCP
- 1514:1514
# Syslog UDP
- 1514:1514/udp
# GELF TCP
- 12201:12201
# GELF UDP
- 12201:12201/udp
networks:
default:
external:
name: nginx-proxy
when i try to create log from other application(installed on the same docker compose ), i get below message :
Cannot create socket: Connection refused
any help please
Update : above issue is solved, i replaced host in graylog object created in PERL to graylog
@jan, thank you for your help
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.