Hi,
We should send our server logs to the two independent log servers. One of the servers is a simple syslog instance. Another one is a graylog / elk cluster. At the moment each local syslog daemon is sending logs to the remove syslog server and local nxlog, which is forwarding traffic to the graylog server. nxlog also traces some local files, so, at the end, graylog becomes more logs as syslog. We want reroute the log traffic and let nxlog distribute the logs to the remote syslog and graylog servers at the same time. To archive our goal we need to add syslog output to the nxlog configuration. Unfortunately graylog does not support other output types except GELF. But it supports custom snippets, so we can add syslog buffer+output blocks to the generated nxlog configuration.
Now the actual problem:
Inputs. Till now I have not found any way to use custom names in the nxlog Input blocks generated by graylog… Even if I can set the input name in the graylog GUI it uses strings like “5b62e0038c2ca03a791d6740” in the nxlog.conf file. Because I cannot guarantee that this name will not be changed by graylog next time the config is generated I cannot rely on it in my custom snippet as a log source.
Question:
Is there a way to force graylog to use permanent names for the Input and Processor blocks so they can be used in snippets? Or is there a chance, that graylog can support syslog output for nxlog collector-sidecar configurations?
Thank you.