Sending logs of different applications on graylog

Hello everybody,

I have recently installed Graylog (Graylog 6.1 on Ubuntu) and everything works fine, as I wanted. In our local network we have different applications that have their own log files, and some of them are secured behind Apache2 or Nginx as a reverse proxy. My question is: how can I send all log files of every application, and of Apache and Nginx, from the clients (Ubuntu) to the Graylog server as easily as possible? I looked a little bit through the talks and the docs (Filebeat, NXLog and …) but it is a little bit confusing for me which way will be the simplest and the best way.
Could you maybe give me some tips?

Any idea and tip will be appreciated, thanks :wink:

friendly regards
Mazi

If it is all Linux, you could centralize everything with rsyslog and send it from there to Graylog through TCP or UDP. Most distros are using rsyslog internally, and it is a matter of adding one rule to rsyslog.conf to get things done.

@Arie thanks for replying! That sounds good. Do I need to configure specific things that are related to Graylog to send each and every log to rsyslog and from there to Graylog, or is it a general config?
Could you please give tips about the one rule for rsyslog.conf or tell me where I could find docs about that?

Thanks!

We do mostly one thing and that is in /etc/rsyslog.conf

(our software supplier configures everything to go to /var/log/syslog or /var/log/messages)

At the end, add the following rule:

*.* @@192.168.1.100:8514;RSYSLOG_SyslogProtocol23Format

where the IP is your IP or DNS address,
and after that the port number you configured (default 514).

@@ is for TCP
@ is for UDP

If you want to send data for a specific program only, you could do:

if $programname == 'nagios' then @@192.168.1.100:8100;RSYSLOG_SyslogProtocol23Format

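An added example, not part of the thread: the forwarding rule above only ships what already passes through rsyslog, so application, Apache and Nginx log files have to be read in first. This script prints a drop-in that tails such files with rsyslog's imfile module and ends with the same forwarding rule; the function name, the local6 facility, the tag scheme and the sample log paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an rsyslog drop-in that tails
# log files with imfile and forwards all messages to a Graylog syslog input.
# Usage: graylog_rsyslog_conf HOST PORT tcp|udp [FILE...]
graylog_rsyslog_conf() {
    if [ "$#" -lt 3 ]; then
        echo "usage: graylog_rsyslog_conf HOST PORT tcp|udp [FILE...]" >&2
        return 1
    fi
    host=$1 port=$2 proto=$3
    shift 3
    case $proto in
        tcp) at='@@' ;;   # @@ selects TCP
        udp) at='@' ;;    # @  selects UDP
        *) echo "protocol must be tcp or udp" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac

    # imfile is only needed when there are files to tail.
    if [ "$#" -gt 0 ]; then
        echo 'module(load="imfile")'
    fi
    for f in "$@"; do
        # Tag scheme (assumption): parent directory + file name without .log,
        # e.g. nginx-access. The tag is what a $programname filter matches.
        tag="$(basename "$(dirname "$f")")-$(basename "$f" .log)"
        printf 'input(type="imfile" File="%s" Tag="%s:" Severity="info" Facility="local6")\n' \
            "$f" "$tag"
    done

    # Same rule and template as in the answer above.
    printf '*.* %s%s:%s;RSYSLOG_SyslogProtocol23Format\n' "$at" "$host" "$port"
}

# Address and port are the ones from the answer; the log paths are
# constructed samples (Ubuntu package defaults).
graylog_rsyslog_conf 192.168.1.100 8514 tcp \
    /var/log/nginx/access.log /var/log/apache2/error.log
```

Redirect the output to a `.conf` file under /etc/rsyslog.d/, check the syntax with `rsyslogd -N1`, then restart rsyslog on each client.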

@Arie thank you, I will test it and let you know. Because I have more than 20 servers, it will take some time, but thanks!