Hi All,
I am trying to generate syslog traffic through the logger command. I am able to view and query the logs in Graylog2, but all the logs are shown as level 5 logs.
Is there any way I can send the log files in a manner which is understood by Graylog (using the logger command)?
If I configure the Graylog IP in the syslog.conf file, Graylog is able to parse all the Linux log files.
Command
logger -n 192.168.1.10 -P 1514 -f app.log
192.168.1.10 => Graylog server IP
1514 => Graylog input port (Syslog)
Log file format
<Time stamp>: <application name>: <log level> : (<threadid>): <message>
Mapping required
<Time stamp> => timestamp
<application name> => source or facility
<log level> => level
<threadid> => message/full_message
<message> => message/full_message
The delimiter is a semicolon, but the <message> field can contain any number of semicolons.
Sample Log file
2017-05-25 04:23:08: proxy1 : DEBUG: (140205480): run : id1::open
2017-05-25 04:23:08: proxy2 : DEBUG: (140206752): stop: index 0
2017-05-25 04:23:08: proxy1: INFO: (1436906752): func1 thread2
2017-05-25 04:23:08: proxy1 : DEBUG: (140906752): run : spawn
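
One way to send each line with its own severity, as an added example that is not part of the original post: logger uses priority user.notice (numeric level 5) when no `-p` is given, so the script below parses the level out of each line and passes it with `-p`. The WARN/ERROR level names, the use of the syslog tag (`-t`) for the application name, and the script name are assumptions; logger stamps each message with the send time, so the file's own timestamp is not carried over.

```shell
#!/bin/sh
# Added example (not from the original post): send each app.log line with its own severity.

# Map the file's level word to a syslog severity keyword for `logger -p`.
# Only DEBUG and INFO appear in the sample; the other names are assumptions.
level_to_severity() {
    case "$1" in
        DEBUG)        echo debug ;;
        INFO)         echo info ;;
        WARN|WARNING) echo warning ;;
        ERROR)        echo err ;;
        *)            echo notice ;;  # same as logger's default (numeric level 5)
    esac
}

# Split one line into "app|LEVEL|rest". The timestamp is matched by its fixed
# shape, so the colons inside it and inside the message are not field breaks.
parse_line() {
    printf '%s\n' "$1" | sed -n -E \
's/^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}: *([^:| ]+) *: *([A-Za-z]+) *: *(.*)$/\1|\2|\3/p'
}

# $1 = raw line, $2 = Graylog host, $3 = syslog input port.
# With DRY_RUN set, the logger command is printed instead of executed.
send_line() {
    parsed=$(parse_line "$1")
    [ -n "$parsed" ] || return 1      # line does not match the format: skip it
    app=${parsed%%|*}; rest=${parsed#*|}
    level=${rest%%|*}; msg=${rest#*|}
    ${DRY_RUN:+echo} logger -n "$2" -P "$3" -t "$app" \
        -p "user.$(level_to_severity "$level")" -- "$msg"
}

# Usage: sh send_levels.sh app.log   (script name is hypothetical)
if [ -f "${1:-}" ]; then
    while IFS= read -r line; do
        send_line "$line" 192.168.1.10 1514 || echo "skipped: $line" >&2
    done < "$1"
fi
```

Running it with `DRY_RUN=1` prints the logger commands without sending anything, which is a quick way to check the level mapping before pointing it at the Graylog input.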