
How to send syslog to graylog

We have many CentOS clients (CentOS 5-7). I want all clients to send logs via syslog to the graylog server. This works on clients where rsyslog is installed. But the old clients don't have rsyslog. They use syslog.

What should I change in the /etc/syslog.conf file to make it work? Thanks for any help.

Use graylog-collector for the other clients:

My conf for graylog-collector:

server-url = "http://192.168.254.184:12900/"

inputs {
  win-eventlog-application {
    type = "windows-eventlog"
    source-name = "Application"
    poll-interval = "1s"
  }
  win-eventlog-system {
    type = "windows-eventlog"
    source-name = "System"
    poll-interval = "1s"
  }
  win-eventlog-security {
    type = "windows-eventlog"
    source-name = "Security"
    poll-interval = "1s"
  }
}

outputs {
  gelf-tcp {
    type = "gelf"
    host = "192.168.254.184"
    port = 12201
  }
}

Just create an input in the graylog2 interface for GELF format!

Do you use the old syslog or syslog-ng? If you use syslog you can't change the output format, but if you use syslog-ng try:

# Define TCP syslog destination.
destination d_net {
    syslog("graylog.example.org" port(514));
};
# Tell syslog-ng to send data from source s_src to the newly defined syslog destination.
log {
    source(s_src); # Defined in the default syslog-ng configuration.
    destination(d_net);
};
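
For the legacy clients in the question, classic syslogd (sysklogd) forwards to a remote host through an "@host" action in /etc/syslog.conf, sent as plain UDP syslog on port 514. The shell functions below are an added example, not part of either answer: they add such a rule once and keep a backup of the file. The host name graylog.example.org, the function names and the sample file contents are assumptions.

```shell
#!/bin/sh
# Added example: idempotently add a "forward everything" rule to a
# sysklogd-style syslog.conf. Host name and file paths are assumptions.

# Exit 0 if an uncommented rule in CONF already has "@HOST" as its action.
has_forward_rule() {
    awk -v action="@$2" '
        /^[ \t]*#/ { next }                    # skip comment lines
        NF >= 2 && $NF == action { found = 1 } # last field is the action
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Append "*.*<TAB>@HOST" to CONF unless an equivalent rule is present.
# Keeps a copy of the previous file in CONF.bak. Returns 2 on bad input.
add_forward_rule() {
    conf=$1
    host=$2
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "invalid host: $host" >&2; return 2 ;;
    esac
    has_forward_rule "$conf" "$host" && return 0
    cp -p "$conf" "$conf.bak" || return 1
    # A TAB between selector and action is accepted by every syslogd version.
    printf '*.*\t@%s\n' "$host" >> "$conf"
}

# Constructed sample resembling a stock syslog.conf, for trying the
# functions on a scratch file instead of the live /etc/syslog.conf.
write_sample_conf() {
    cat > "$1" <<'EOF'
# Log anything of level info or higher.
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
#*.* @graylog.example.org
EOF
}
```

After changing the real file, restart syslogd so it rereads its configuration, and create a Syslog UDP input in Graylog to receive the messages.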
