I have 3 server installed with windows server 2016.
I send the event viewer log to graylog2.
2 of 3 server i dont have problem, the source was right, show the server name.
The another server show in the source field jun. instead the server name.
How can i solved this error?
Thanks
how did you send the windows logs to your graylog?
Hi Jan, thanks for taking the time to answer me.
I use solarwinds Event LogForwarder tool.
After install and test different options (filebeat, nxlog, etc.) I found that this is the easier way to send my Windows log to Graylog.
Unfortunaly , I have this 2 cases where graylog receive “jun.” instead the server name in the source field.
Both server are the third node in a always on cluster , and i use them to decide (vote) in each cluster about the master/slave rol.
I don´t know if this information is helpfull.
Thanks again.
what kind of transport did you use? That is the most important information.
I did never used that one but I guess it uses Syslog? You should check the syslog format that you send - as the one with the false source might have configured something different.
You could create a RAW input and point your servers to that one and compare the received messages.
Yes , sorry, i don´t give this information before.
I am using udp to send the log to graylog, but i test with udp too, and same result.
I will créate this raw input and let you know
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.