Marsel
September 8, 2017, 4:34pm
1
Hi,
I have a simple output configured in nxlog config file to forward logs from a .log file running on windows 7. I can’t seem to be able to forward the hostname in the log. Graylog will use the IP address from the load balancer as the source. I have tried all of the following options:
<Output out_orpos>
Module om_udp
Host graylog.test.com
Port 12211
Exec $hostname = hostname();
Exec $Hostname = '<ServerHostname>';
Exec $hostname = hostname_fqdn();
Exec $source = 'lab';
Exec $SourceName = 'lab';
</Output>
The only option i have so far is to not NAT on the load balancer. Graylog will see the real host IP.
jochen
September 8, 2017, 8:57pm
2
What type of input are you using to receive these messages?
Your configuration doesn’t look like you’re emitting GELF (which would have the capability to set the hostname).https://nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html#xm_gelf for further details.
Marsel
September 8, 2017, 9:06pm
3
I am using raw/plaintext UDP input. With GELF i was getting the following errors.
com.fasterxml.jackson.core.JsonParseException: Unrecognized token ‘oracle’: was expecting (‘true’, ‘false’ or ‘null’)
Thank you for your response.
Marsel
September 8, 2017, 10:50pm
4
Marsel:
GELF
I added GELF as output in nxlog.conf but have syslog as the configured input in graylog, and i think it is working now.
system
September 22, 2017, 10:50pm
5
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
