May 2, 2019, 12:10pm
Ubuntu rsyslog custom file log monitoring
I have issue with instead of system Hostname showing network gateway, when adding ubuntu rsyslog custom log file monitoring.( log file created manually ,that content forwared to ubuntu syslog file and taken in graylog.
if any solution please share.
May 2, 2019, 8:16pm
would you please be so kind and add some more words what you try todo. What your current state is, what you had already tried and what your desired outcome is.
I guess that your question might also be answered already and please you to use the sarch function in this community.
May 3, 2019, 7:54am
Collecting logs from ubuntu via rsyslog to graylog server.
Actually i want to collect ubuntu screen locks logs to graylog .
dbus-monitor --session “type=‘signal’,interface=‘com.canonical.Unity.Session’”
this script run in cronjob and out put write to /var/log/custom.log file. then i make changes in rsyslog configration.
add one conf file custom.conf in /etc/rsyslog.d/
(this for screen lock logs write to syslog)
custom.conf --> file content vi /etc/rsyslog.d/app.conf
restart the rsyslog service
After this i got ubuntu screen locks in graylog console but issue have graylog source field shows network gateway ip instead of ubuntu client hostname.
if any solution have please ping with me.
It seems your logs d’ont respect the syslog format, so Graylog Syslog Input does not manage to read the right source field.
Can you provide a log sample ?
Which type of Input do you use in Graylog ? Syslog ? Raw ?
May 3, 2019, 9:35am
grylog = syslog TCP, ubuntu client syslog Tcp
. @ @10.10.1.199:1514;RSYSLOG_SyslogProtocol23Format
Check with tcpdump the log sent to Graylog:
tcpdump -AAAnni eth0 port 1514
Provide us the log content.
10.10.1.199 is the Graylog IP ? or a syslog relay ?
May 17, 2019, 11:37am
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.