Search by source IP


(Out) #1

I am very new to Graylog and just want to view syslogs for a device. I know the source IPs for most of the devices I manage off the top of my head, so that would be the easiest way for me to search for them. Someone else set up the server and I would really rather not have to ask them. It will turn into an hour-long feature preview and I will probably not be shown basic things, such as searching for a device’s logs by its IP. I tried googling it and found all kinds of complex questions being answered. I really just want to go reading through a dozen pages of logs to find what I’m looking for. I have about a 24-hour window to search on a Cisco switch. It shouldn’t take too long to find what I’m looking for if I can find the logs. I looked at the guides and they showed me how to look for events. That was nice, but I don’t know what event I’m looking for, I just know about what time AN event caused a problem. I know this is a very basic question, but I’m having a hard time finding a straightforward answer to this.


(Out) #2

Never mind. I had tried using ‘source:[ip]’ before but gotten no results. Turns out that the person who set up the logging server didn’t properly configure the devices in their region. Devices in other regions are displaying fine.
(一_一 )/


#3

You can check the gl2_remote_ip field.
It is hidden by default, but you can show it.



(Jan Doberstein) #4

Do you need a way to translate the IP in the source field to a name or the other way?

Or did you want to add names of IPs to the messages?

