Home / server / Questions / 592834
In Process
Goro
Asked: 2014-05-03 15:23:46 +0800 CST

How to forward arbitrary files to graylog2 with rsyslog

  • 772

I have some random files that I would like to collect and forward to my logging server. These are applications that don't really support GELF, so I am trying to forward these files with rsyslog:

# Apache access log
input(type="imfile" File="/var/log/misc/blah.log"
Tag="Apache Access Log"
StateFile="statefile1")


*.* @@log.ospreyreach.com:12514

Some issues/questions:

  1. This forwards all the syslog files. How can I specify only certain specific files to get forwarded?
  2. This does not seem to collect any data from the file I defined. I see regular syslog messages popping up in my graylog server, but not that file.
logging

1 Answers

  1. Try this LEGACY rsyslog formatted version: 

    # Forward apache logs to graylog2 server
$ModLoad imfile # needs to be done just once

$InputFileName /var/log/httpd/access.log
$InputFileTag ApacheAccessLog:
$InputFileStateFile access.log.statefile
$InputFileFacility local4
$InputFileSeverity info
$InputRunFileMonitor

$InputFileName /var/log/httpd/error.log
$InputFileTag ApacheErrorLog:
$InputFileStateFile error.log.statefile
$InputFileFacility local4
$InputFileSeverity error
$InputRunFileMonitor

local4.*                        @@log.ospreyreach.com:12514
& stop

    You can do similar entries for your other log files.

    After that, create some extractors on your graylog2 server for the 12514/TCP input. This will give you some fine grain options for graphs etc.

    • 1