Hi, I recently installed Graylog and its works really good, but I have a little problem. I want that Graylog add ssh’s logs in his GUI.
Logs ssh is stored in auth.log but I think that Graylog is taking only logs from syslog, can it be changed to add logs SSH?
Thanks!
yes, it can.
Just define an input in Graylog, and configure the sender to send also the auth log to that input. Graylog itself will not fetch the log; you need to send it to Graylog.
Hi, thanks you for your reply. I have added all logs with this:
$template GRAYLOGRFC5424,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msg%\n"
. @192.168.X.X:8514;GRAYLOGRFC5424
Is it enough?
Thanks!
please look over here with a little more Information on that.
Yes, It works. I added . and I can see ssh’s logs.
Thanks.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
