sorry, I noticed just after I hit send that you are wanting to get logs _to_
graylog2, not from it.
If the logs start out as flat files, and you have no other way of getting the
logs, then you need something to scrape them and send them.
you have lots of options
rsyslog will do this (but has headaches if you rotate the logs under it or name
the logs with the date)
even logger can do this.
How many different logs are you talking about?
Do you have another method of getting the logs other than scraping the files?
Do these logs have any unusual features (extremely long lines, multi-line log
messages, etc)
Do the files rotate by date, or with the 'standard' approach of mv the old file
and re-open it?
David Lang
On Wed, 10 Sep 2014, David Lang wrote:
Yes, you will need to HUP rsyslog if you replace the file it's reading.
what does graylog2 do with it's logs today? is there any option other than
just writing to a file?
David Lang
On Wed, 10 Sep 2014, Nathan Hruby wrote:
We used rsyslog with the imfile option to hoover in httpd logs written
with cronolog and forward them to graylog. worked well enough, though
we did need to hup it after cronolog switched the current logfile
sysmlink since it didn't read / recheck the file periodically. This
was using the rsyslog in EPEL for centos5 a year ago, things may be
better now.
http://www.rsyslog.com/doc/master/configuration/modules/imfile.html
There's also this:
https://github.com/josegonzalez/beaver
As well as running a small logstash ingester/forwarder.
HTH,
-n
On Wed, Sep 10, 2014 at 2:53 PM, Yves Dorfsman <y...@zioup.com> wrote:
Anybody uses graylog2?
Is there a simple "forwarder" that can be configured to send a list of
files
or directory to graylog2?
All the solutions I am finding are specific to apps (using log4j etc...)
or
very amateurish, such as "tail -f blah | netcat -xxxx" without
consideration
for when files are roated or when the shell running the tail dies. We are
evaluating different log aggregator with search facilities, and this makes
graylog2 a non-starter.
Is there really no way to do this? I find it odd considering the work that
has
been done on the server side, and how much information there is about it
out
there (so I assume it is used a lot).
Thanks.
--
Yves.
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
