Hi,
I’m using Graylog 4.3.10.
Sometimes I find error messages in Graylog’s output log. Therefore, I would like to monitor this output on the Graylog console and possibly create an alert so that I can take action if necessary. Is there a way to have a dedicated stream for Graylog’s log output? How can I create an alert for this purpose?
Currently, neither the All Events nor the All System Events stream contains information about the content of the log file. In fact, they are always empty.
If you are talking about server.log, you could ingest it with logbeat etc. However, it is generally not “recommended” because it can lead to really bad outcomes. Basically you can create an error, an error writes to the log, which then triggers another error, etc. In a test environment it’s fine, but in production it’s a good way to make your cluster fall over.
For my Graylog Localhost, I use Linux default “Rsyslog” then create a Syslog UDP input. This way you’re not installing other log shippers (Beat, Nxlog, etc.) on Graylog.
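An added example, not part of any post in this thread: one way to forward only WARN and above from server.log to a Syslog UDP input, with a cap so that an error loop of the kind described above cannot flood the cluster. The log line layout, the `127.0.0.1:1514` input address, the `LoopGuard` helper and the sample lines are assumptions made for illustration.

```python
import re
import socket
from datetime import datetime

# Assumed server.log layout: "<ISO-8601 time> <LEVEL> [<logger>] <message>"
LINE_RE = re.compile(r"^(\S+)\s+(TRACE|DEBUG|INFO|WARN|ERROR|FATAL)\s+\[([^\]]+)\]\s+(.*)$")
SEVERITY = {"FATAL": 2, "ERROR": 3, "WARN": 4}  # syslog severities; other levels stay local
FACILITY = 22                                   # local6, an arbitrary choice

SAMPLE = [  # constructed lines, not real Graylog output
    "2023-05-04T10:15:30.000+02:00 INFO  [ExampleStartup] service started",
    "2023-05-04T10:15:31.000+02:00 ERROR [ExampleOutput] write failed",
    "2023-05-04T10:15:32.000+02:00 ERROR [ExampleOutput] write failed",
    "2023-05-04T10:15:33.000+02:00 ERROR [ExampleOutput] write failed",
    "2023-05-04T10:16:40.000+02:00 WARN  [ExampleJournal] journal utilization high",
    "\tat org.example.Hypothetical.run(Hypothetical.java:42)",
]

class LoopGuard:
    """Allow at most `burst` forwarded messages per `window` seconds of log time."""
    def __init__(self, burst=5, window=60):
        self.burst, self.window = burst, window
        self.start, self.count, self.dropped = None, 0, 0

    def allow(self, now):
        if self.start is None or now - self.start >= self.window:
            self.start, self.count = now, 0     # new window
        self.count += 1
        if self.count > self.burst:
            self.dropped += 1                   # suppressed: this is what breaks the loop
            return False
        return True

def to_syslog(line, guard, host="graylog"):
    """Return an RFC 5424 message for WARN and above, or None if filtered or rate limited."""
    m = LINE_RE.match(line)
    if not m or m.group(2) not in SEVERITY:
        return None
    ts, level, logger, msg = m.groups()
    if not guard.allow(datetime.fromisoformat(ts).timestamp()):
        return None
    pri = FACILITY * 8 + SEVERITY[level]
    return f"<{pri}>1 {ts} {host} graylog-server - - - [{logger}] {msg}"

def forward(lines, addr=("127.0.0.1", 1514), guard=None):
    """Send accepted lines to a Syslog UDP input; addr is a hypothetical local input."""
    guard = guard or LoopGuard()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        packets = [p for p in (to_syslog(l.rstrip("\n"), guard) for l in lines) if p]
        for p in packets:
            sock.sendto(p.encode(), addr)
    return len(packets)
```

The `dropped` counter on the guard is worth exposing as a metric or a periodic summary line, since a non-zero value is itself the signal that the server is logging errors in a burst.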
Thanks @gsmith, @Joel_Duffield
My Graylog is a Docker installation (in a Kubernetes cluster). Is it always possible to retrieve the server log for ingestion into a stream? How?
Docker containers emit logs to the stdout and stderr output streams. Because containers are stateless, the logs are stored on the Docker host in JSON files by default.
You can find these JSON log files in the /var/lib/docker/containers/ directory on a Linux Docker host. Here’s how you can access them: