Sending log files to Graylog using logger command


#1

Hi All,

I am trying to generate syslog traffic through the logger command. I am able to view and query the logs in Graylog2, but all the logs are shown as level 5 logs.
Is there any way I can send the log files in a manner which is understood by Graylog (using the logger command)?

If I configure the Graylog IP in the syslog.conf file, Graylog is able to parse all the Linux log files.

Command
logger -n 192.168.1.10 -P 1514 -f app.log
192.168.1.10 => graylog server ip
1514 => graylog input port (Syslog)

Log file format
<Time stamp>: <application name>: <log level> : (<threadid>): <message>

Mapping required
<Time stamp> => timestamp
<application name> => source or facility
<log level> => level
<threadid> => message/full_message
<message> => message/full_message

Delimiter is semicolon. But the <message> field can contain any number of semicolons.

Sample Log file
2017-05-25 04:23:08: proxy1 : DEBUG: (140205480): run : id1::open
2017-05-25 04:23:08: proxy2 : DEBUG: (140206752): stop: index 0
2017-05-25 04:23:08: proxy1: INFO: (1436906752): func1 thread2
2017-05-25 04:23:08: proxy1 : DEBUG: (140906752): run : spawn

(Jan Doberstein) #2

Hej @uts09

If you want to change the priority, you need to add -p local3.info or set this via --prio-prefix.

Please refer to the man page to get an idea. If you want to use logger in a script, you should think about using the --sd-param option to get already structured data.

If I didn’t get your intention right, please elaborate on your question.
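
Added example, not part of the original posts: logger sends everything as user.notice unless told otherwise, which is the level 5 seen in Graylog. The script below splits each line of the format from the first post and calls logger with a per-line -p and -t. The facility local3 comes from the reply; the function names and the level words other than DEBUG and INFO are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Line format as given in the first post:
#   <timestamp>: <application name>: <log level> : (<threadid>): <message>
FACILITY=local3   # facility taken from the reply's "-p local3.info"

# Map the file's level word to a syslog severity keyword accepted by logger -p.
# Only DEBUG and INFO occur in the sample; the other names are assumptions.
level_to_severity() {
    case "$1" in
        DEBUG)        echo debug ;;
        INFO)         echo info ;;
        WARN|WARNING) echo warning ;;
        ERROR)        echo err ;;
        FATAL)        echo crit ;;
        *)            echo notice ;;   # logger's default severity (level 5)
    esac
}

# Print "priority|tag|message" for one line, or return 1 if it does not match.
# The timestamp is matched by shape because it contains colons itself; the
# text from the thread id onward is kept verbatim, extra colons included.
plan_line() {
    fields=$(printf '%s\n' "$1" | sed -nE \
        's/^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9:]{8}: *([^ :]+) *: *([A-Za-z]+) *: *(\([0-9]+\): *.*)$/\1|\2|\3/p')
    [ -n "$fields" ] || return 1
    IFS='|' read -r app level msg <<EOF
$fields
EOF
    printf '%s.%s|%s|%s\n' "$FACILITY" "$(level_to_severity "$level")" "$app" "$msg"
}

# Send each line of a file with its own priority and tag.
# usage: send_file app.log 192.168.1.10 1514
# logger stamps messages with the send time; the file's timestamp is dropped.
send_file() {
    while IFS= read -r line; do
        plan=$(plan_line "$line") || { echo "skipped: $line" >&2; continue; }
        IFS='|' read -r prio tag msg <<EOF
$plan
EOF
        logger -n "$2" -P "$3" -p "$prio" -t "$tag" -- "$msg"
    done < "$1"
}
```

Lines that do not match the format are reported on stderr and skipped rather than sent with a guessed priority.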

