Logs SSH Graylog


(berekese) #1

Hi, I recently installed Graylog and its works really good, but I have a little problem. I want that Graylog add ssh’s logs in his GUI.
Logs ssh is stored in auth.log but I think that Graylog is taking only logs from syslog, can it be changed to add logs SSH?

Thanks!


#2

yes, it can.

Just define an input in Graylog, and configure the sender to send also the auth log to that input. Graylog itself will not fetch the log; you need to send it to Graylog.


(berekese) #3

Hi, thanks you for your reply. I have added all logs with this:

$template GRAYLOGRFC5424,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msg%\n"
. @192.168.X.X:8514;GRAYLOGRFC5424

Is it enough?

Thanks!


(Jan Doberstein) #4

please look over here with a little more Information on that.


(berekese) #5

Yes, It works. I added . and I can see ssh’s logs.

Thanks.


(system) #6

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.