Logs SSH Graylog

berekese · June 5, 2017, 7:40am

Hi, I recently installed Graylog and its works really good, but I have a little problem. I want that Graylog add ssh’s logs in his GUI.
Logs ssh is stored in auth.log but I think that Graylog is taking only logs from syslog, can it be changed to add logs SSH?

Thanks!

jtkarvo · June 5, 2017, 1:03pm

yes, it can.

Just define an input in Graylog, and configure the sender to send also the auth log to that input. Graylog itself will not fetch the log; you need to send it to Graylog.

berekese · June 6, 2017, 5:00am

Hi, thanks you for your reply. I have added all logs with this:

$template GRAYLOGRFC5424,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msg%\n"
. @192.168.X.X:8514;GRAYLOGRFC5424

Is it enough?

Thanks!

jan · June 7, 2017, 12:53pm

please look over here with a little more Information on that.

berekese · June 8, 2017, 7:09am

Yes, It works. I added . and I can see ssh’s logs.

Thanks.

system · June 22, 2017, 7:09am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Rsyslog.conf on Graylog Server? Graylog Central (peer support)	2	1175	August 22, 2018
Ssh access logs Graylog Central (peer support)	4	654	February 10, 2023
Graylog2 and rsyslog Graylog Central (peer support)	2	183	February 12, 2024
How to Recieve input from remote host Graylog Central (peer support)	4	788	April 18, 2018
Adding Graylog to rSyslog Server Graylog Central (peer support)	3	766	February 9, 2018

Logs SSH Graylog

Related Topics