GELF Forwarder

An application that receives logs in formats the Graylog server does not support natively and forwards them to Graylog via a GELF TCP or UDP input.


Usage of ./gelf-forwarder:
      --backpressure                    Enable input backpressure (default true)
      --channel-buffer-size uint        How many messages to hold in channel buffer (default 100)
      --gelf-address string             Address of GELF server (default "")
      --gelf-compression                Enable compression for UDP (default true)
      --gelf-max-retries int            How many times to retry sending message in case of failure, -1 means infinity (default 3)
      --gelf-proto string               Protocol of GELf server (default "udp")
      --graceful-timeout uint           How many seconds to wait for messages to be sent on shutdown (default 10)
      --http-address string             Listen address for http input (default ":9000")
      --http-basic-pass string          Password for HTTP Basic authentication. Only used if username was set
      --http-basic-user string          Username for HTTP Basic authentication. Authentication is not required if empty (default)
      --http-host-field string          Name of host field (default "host")
      --http-message-field string       Name of message field (default "message")
      --http-timestamp-field string     Name of timestamp field (default "timestamp")
      --input-type string               Which input to start: vector, http, vectorv2 (default "http")
      --tls-cert-path string            Path to PEM-encoded certificate to be used for TLS server. Required if TLS was enabled
      --tls-client-ca-path string       Path to PEM-encoded CA bundle to be used for client certificate verification. When provided, TLS client authentication will be enabled and required
      --tls-enabled                     Use TLS for input
      --tls-key-path string             Path to PEM-encoded key to be used for TLS server. Required if TLS was enabled
      --vector-address string           Listen address for vector v1/v2 input (default ":9000")
      --vector-host-field string        Name of host field (default "host")
      --vector-max-message-size uint    Maximum length of single Vector v1 message (default 1048576)
      --vector-message-field string     Name of message field (default "message")
      --vector-timestamp-field string   Name of timestamp field (default "timestamp")

All options can be provided via flags or environment variables, for example:

INPUT_TYPE=vector ./gelf-forwarder --gelf-proto=tcp

A Docker image is available on GitHub's GHCR:

docker run --rm ghcr.io/eplightning/gelf-forwarder:latest --help

Configuration tips

Data format

Messages sent to gelf-forwarder need to contain at least two fields to work correctly:

Additionally, a timestamp should be provided.

For the HTTP input, the timestamp needs to be either a Unix timestamp or an RFC3339-formatted date.

If the timestamp is invalid or not provided, the server will default to the current time.

The names of these special fields are fully configurable (see --help). They cannot, however, be nested inside another object field.
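Because an invalid or missing timestamp is replaced with the current time rather than rejected, a sender-side check helps keep event times trustworthy. The following is an added example, not code from the gelf-forwarder project. It assumes the HTTP input takes one JSON object per message, that the required fields are the default "host" and "message", and that a JSON number is a Unix timestamp while a string must be RFC3339. CheckMessage is a hypothetical helper name.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Field names: the defaults of the --http-*-field flags (adjust if reconfigured).
const hostField, messageField, timestampField = "host", "message", "timestamp"

// CheckMessage lists the reasons a message would be missing its special fields
// or would have its timestamp replaced with the current time by the forwarder.
// Assumptions: one JSON object per message; numbers are unix time, strings RFC3339.
func CheckMessage(raw []byte) []string {
	var obj map[string]interface{}
	if err := json.Unmarshal(raw, &obj); err != nil {
		return []string{"not a JSON object: " + err.Error()}
	}
	var problems []string
	for _, name := range []string{hostField, messageField} {
		// Only top-level keys are inspected: nested fields do not count.
		if s, ok := obj[name].(string); !ok || s == "" {
			problems = append(problems, "missing top-level string field "+name)
		}
	}
	switch ts := obj[timestampField].(type) {
	case nil:
		problems = append(problems, "no timestamp: current time will be used")
	case float64:
		// JSON number: accepted here as a unix timestamp.
	case string:
		if _, err := time.Parse(time.RFC3339, ts); err != nil {
			problems = append(problems, "timestamp is not RFC3339: current time will be used")
		}
	default:
		problems = append(problems, "timestamp is nested or of an unsupported type")
	}
	return problems
}

func main() {
	// Constructed sample: host and message are nested, timestamp is unparseable.
	sample := []byte(`{"event":{"host":"web1","message":"login failed"},"timestamp":"yesterday"}`)
	for _, p := range CheckMessage(sample) {
		fmt.Println(p)
	}
}
```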


All input types support TLS client authentication; refer to the --tls-* family of options.

On top of that, the HTTP input supports HTTP Basic authentication; refer to the --http-basic-user and --http-basic-pass options.