Old Log firewall local

Hello to all,
i’am used graylog v3.1

I have 12GB old firewall log and I want to send into the graylog
What exactly should I do?
please guide me.

thanks in advance.

best regards.

read that file with filebeat and ingest or read it via script line by line and send via netcat … all possible.

hi jan

You answered very briefly
I don’t know exactly how to do it
Please guide further and more
Thank you:::pray:

  1. Create new Input (Raw TCP). For example it will listen on
  2. Then just send content of your log to this destination.
    Basically you can do it by
    cat your.log | netcat 1234
1 Like

thank you for answering my question
Unfortunately I receive noth

ing !!!:slightly_frowning_face:

@bahram you did something complete different from what @zoulja wrote …

hi jan
how to send content of your log to this destination ?:thinking:

read the posting: Old Log firewall local

@zoulja has given a possible way.

hi jan
Unfortunately, I did not succeed
I really don’t know where the problem is
I want to do it through ُSidecar\filebeat \ input Raw/Plaintext inputs

but filebeat and RAW Input does not work together.

When you use filebeat to read the log, you need a BEATS input that can communicate with the filebeat.

1 Like

hi zoulja

I was finally able to send all the LOG to the Graylog
But I have only three filed (message, source , timestamp)
Why ?

These are default fields.
If you want to parse log into specific fields, you need to configure Extractor, otherwise Graylog wouldn’t know what are your fields, how to name them, how to distinguish them and so on.
In Extractor you will explain Graylog “take first 8 digits and put them into Awww field, take next 2 characters and put them into Ouch field”, and so on

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.