Graylog's log collection works much like Logstash: it is an input-filter-output pipeline.
Three of the most common log types are used here to illustrate.

1. TCP message log
Once the setup is complete, the input takes effect immediately; no restart is required.
tcp6       0      0 ::1:9300                :::*                    LISTEN      1013/java
tcp6       0      0 :::33333                :::*                    LISTEN      1010/java
Test it from any Linux machine that has nc installed:
# echo 'date' | nc 192.168.1.135 33333
Check the results: the message has been received.

2. Syslog log
Log in to the Graylog2 management console, where you can add a variety of inputs directly. Here the logs are received via syslog over UDP, so select Syslog UDP. Note, however, that using port 514 produces a Permission denied error, because non-root users on Linux cannot bind to port numbers below 1024, so here I set the port number to 1514.
Add the following file:
# more /etc/rsyslog.d/graylog.conf
$template GRAYLOGRFC5424,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %hostname% %app-name% %procid% %msg%\n"
*.* @192.168.1.135:1514;GRAYLOGRFC5424
Restart rsyslogd:
# systemctl restart rsyslog
Look at the result; these are the history records.
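
To check the Syslog UDP input without touching rsyslog, the following added example (Python, not part of the original post) renders a line in the field order of the GRAYLOGRFC5424 template, assuming space-separated fields, and round-trips it through a throwaway loopback UDP listener standing in for the Graylog input. The host name, app name, process id and message are constructed sample values.

```python
import re
import socket
from datetime import datetime, timezone

# Field order of the GRAYLOGRFC5424 template; assumes space-separated fields.
LINE_RE = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<version>\d+) (?P<timestamp>\S+) (?P<hostname>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msg>.*)"
)

def format_line(facility, severity, hostname, app, procid, msg, when=None):
    """Render one line as the template would; PRI = facility * 8 + severity."""
    when = when or datetime.now(timezone.utc)
    return f"<{facility * 8 + severity}>1 {when.isoformat()} {hostname} {app} {procid} {msg}\n"

def parse_line(line):
    """Split a received line back into fields; None if the layout does not match."""
    m = LINE_RE.fullmatch(line.rstrip("\n"))
    if m is None:
        return None
    fields = m.groupdict()
    fields["facility"], fields["severity"] = divmod(int(fields.pop("pri")), 8)
    return fields

def send_udp(line, host, port):
    """Send one datagram, e.g. to the Syslog UDP input at 192.168.1.135:1514."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        tx.sendto(line.encode("utf-8"), (host, port))

def loopback_roundtrip(line):
    """Send through a throwaway listener on 127.0.0.1 (stand-in for Graylog)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))  # port 0: the OS picks a free unprivileged port
        rx.settimeout(2)
        send_udp(line, *rx.getsockname())
        data, _ = rx.recvfrom(8192)
    return parse_line(data.decode("utf-8"))

if __name__ == "__main__":
    # Constructed sample values: facility 4 (auth), severity 6 (info).
    sample = format_line(4, 6, "web01", "sshd", "1234", "constructed test message")
    print(loopback_roundtrip(sample))
    # A line whose separating spaces are missing cannot be split into fields.
    print(parse_line("<38>12016-05-01T12:00:00+00:00web01sshd1234 msg"))
```

Calling `send_udp(sample, "192.168.1.135", 1514)` sends the same line to the input configured above, where it should appear in the message search with the given hostname.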

3. Windows log
This requires installing the graylog-collector plug-in, which can be downloaded from the official website.
After extracting the archive, run the installation script directly:
E:\graylog\graylog-collector-0.5.0>bin\graylog-collector-service.bat install Graylogcollector
Installing Service for Graylog Collector

Service Name: "Graylogcollector"
JAVA_HOME: "C:\Program Files\Java\jdk1.8.0_77"
ARCH: "x64"

Service 'Graylogcollector' has been installed

E:\graylog\graylog-collector-0.5.0>bin\graylog-collector-service.bat start Graylogcollector
Service 'Graylogcollector' has been started

E:\graylog\graylog-collector-0.5.0>
Result
Graylog Log Collection Process examples