I need to send a message to graylog2 server via echo to test if the %{@type} for facility is corrent, but once I do the echo thats in GELF support does not arrive in to my graylog2 server. If it restart graylog2 then the messages about it starting arrive to the graylog2 server.
Example of the echo message:
echo '{"version": "1.1","host":"example.org","short_message":"A short message that helps you identify what is going on","full_message":"Backtrace here\n\nmore stuff","level":1,"_user_id":9001,"_some_info":"foo","_some_env_var":"bar"}' | nc -w 1 my.graylog.server 12201
What am I doing wrong? The graylog --debug mode does not show anything. It does not even see the message come in.
Edit:
Graylog2 input is setup for GELF TCP and shows active connections and it raises when I try to echo, but nothing reaches the server as for the message goes.
It seems that GELF TCP input needs a null character at the end of each Gelf message.
So you should send:
This answer was found in a discussion on Graylog's issues.
As I was trying to verify that a Logstash instance was correctly listening for GELF inputs, I've found this thread.
Here is a command that will work for Logstash + Gelf over UDP :
Notice that :
echo
is enough, no need for-e
Could not find parser for header: [123, 34]
in Logstash logs