We have a requirement to send same copy of logs available in the kubernetes pods level to forward into two different graylogs at the same time . Currently the Kubernetes pods are using the GELF LOGBACK XML to push logs . Can we achieve this by adding multiple appenders ? what are the techincal pre-requisites on those graylogs to make this happen ?
Hello @Hari
Yes this is possible but it depends on the log shipper used. For example nxlog can send logs to two Log servers.
It should look something like this, you can adjust it to your needs.
<Extension syslog>
Module xm_syslog
</Extension>
########## INPUT SECTION ##########
<Input messages-101>
Module im_file
File "/var/log/messages"
</Input>
<Input messages-202>
Module im_file
File "/var/log/message"
</Input>
############ OUTPUT SECTION ############
<Output Graylog-1>
Module om_udp
Host 192.168.2.56:5144
</Output>
<Output Graylog-2>
Module om_udp
Host 192.168.2.100:5145
</Output>
############## ROUTE SECTION #############
<Route Graylog-1>
Path messages-101 => Graylog-1
</Route>
<Route Graylog-2>
Path messages-202 => Graylog-2
</Route>
https://nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html
Hope that helps.
1 Like
Thanks Smith for your prompt support and comments . The log shipper would be fluentd in our case . copy - Fluentd
Hello,
I haven’t used/configured Fluentd before so I’m not sure if that type of log shipper is capable of execute the same as Nxlog, therefore I might not be much help .
Did a quick search, looks like Fluentd has the same flow as Nxlog Input → Filter → Output .
Shown here
Perhaps look into adjusting those config’s.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.