Hi, I have the graylog server and I use rsyslog to send logs but I would like to send only the apache logs.
You can either work to change that in rsyslog or you can drop messages you don’t want when they arrive at your Graylog server. If you were dropping the message in the pipeline you could create a rule that parses out which messages you want to drop and use the drop_message() function to keep them out.
Can you give an example of what file it would be in and the syntax it uses?
If by “it” you mean rsyslog, I had a link for the docs that in my previous post… Otherwise I am not sure what you want…
As an alternative to rsyslog, you could install Graylog’s sidecar on that machine and use filebeats or nxlog to push just the apache logs the to Graylog.
I would suggest going through both Graylog documentation and searching this forum for more detail if you go the sidecar route.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.