Monitoring log formats

Hi, I want to monitor logs which are sent to my log server. Some sources send files containing images or other files (.jpg, .pdf, …). How can I do this?

Hello,

Graylog ingest syslog and other types of logs. It doesn’t ingest picture types such as JPG,GIF, PNG etc…
Might want to read this.

https://docs.graylog.org/docs/sending-data

I haven’t seen anyone send a PDF file BUT I have seen this be aware I have never used it and don’t know if it works.
.

The point is, I want to find sources that send this files and discard them in order to reduce the load of Graylog.

Hello,

You are say that there are sources in your environment that’s send picture formats and PDF files?
What type of log shipper are you using on these sources?
What type of input did you configure on your Graylog server?

Yes exactly.

Mostly GELF TCP/UDP and syslog

Hello,

You maybe able to stop those from being sent from the source.

Wild guess, if you could identify the incoming messages clearly, you could possibly skip them with a pipeline processor on all incoming messages.

1 Like

tnx @Arie,
The point is, I want to reduce the load on my Graylog server by detecting these inputs and remove or edit them.

That is why the introduced those pipelines, the only other way is putting something in front of Graylog or do some processing on the sending side. Is the load on your Graylog already that high?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.