Closed arugifa closed 10 years ago
+1 run in this error too ... fixed it by using logstash in the middle and send gelf messages via amqp to graylog (i need this for other logfiles, so nothing new for me) ...
Looking into this, thanks.
It seams to be a problem with the parseHost() function in SyslogProcessor.java. This function returns msg.getHost(), and so, the problem is not specific to graylog2-server but to syslog4j (org.productivity.java.syslog4j.server.SyslogServerEventIF).
But if we replace "return msg.getHost()" by "return remoteAddress.getHostAddress()", the problem is solved :)
we will address this in the syslog parser rewrite. i'll add your example as a test case.
FYI: The same issue exists in 0.11.0 build. I encounter process name with PID instead of host name.
Hi,
The problem is present in last version :( in 0.12
Find a solution : in rsyslog :+1:
$template GRAYLOG2,"<%PRI%>1 %timegenerated:::date-rfc3339% %HOSTNAME% %syslogtag% - %APP-NAME%: %msg:::drop-last-lf%\n" $ActionForwardDefaultTemplate GRAYLOG2
This can be solved in v0.20.0 using the newly introduced extractors!
I just encoutered this issue in graylog 2.0.0-beta.1. Shouldn't source by default have ip instead of trying to extract from syslog msg?
Hi,
I have a problem with the syslog parser. For exemple, with the following log :
<46>Mar 20 15:22:38 host_srv01 rsyslogd: [origin software="rsyslogd" swVersion="4.6.4" x-pid="8767" x-info="http://www.rsyslog.com";] (re)start
graylog2-web-interface displays "Mar" as the host source of the log (so it displays the name of the month instead of the host name).
But when I active the DNS lookup (RNDS) in graylog2-server, graylog2-web-interface displays the correct host name "host_srv01".
I don't know how graylog2 find the host source of the log (log analysis or retrieval from the ip source of the tcp/udp datagram).
Looking the source code, in SyslogProcessor.java, I see:
if (remoteAddress == null) { remoteAddress = InetAddress.getLocalHost(); }
So theorically, graylog2 should use in the worst case the IP of the localhost. Maybe the problem is in SyslogDispatcher.java (a wrong IP address is sended to SyslogProcessor.java?):
InetSocketAddress remoteAddress = (InetSocketAddress) e.getRemoteAddress(); ... this.processor.messageReceived(new String(readable), remoteAddress.getAddress());
Thanks. Best Regards.