<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Hi,</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
That's right: there is no GELF source in syslog-ng. However, you should be able to send logs from Graylog using one of the syslog protocols, and those are pretty well supported by syslog-ng 🙂</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Peter</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="Signature">
<div style="direction: ltr; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Peter Czanik (CzP) &lt;peter.czanik@oneidentity.com&gt;<br>
Balabit (a OneIdentity company) / syslog-ng upstream<br>
<a href="https://syslog-ng.com/community/" target="_blank">https://syslog-ng.com/<wbr>community/</a><br>
<a href="https://twitter.com/PCzanik" target="_blank">https://twitter.com/PCzanik</a></div>
<span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><br>
</span></div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> syslog-ng &lt;syslog-ng-bounces@lists.balabit.hu&gt; on behalf of Steve Bernacki &lt;steve@copacetic.net&gt;<br>
<b>Sent:</b> Wednesday, August 21, 2024 13:13<br>
<b>To:</b> Syslog-ng users' and developers' mailing list &lt;syslog-ng@lists.balabit.hu&gt;; Roberto Carna &lt;robertocarna36@gmail.com&gt;<br>
<b>Subject:</b> Re: [syslog-ng] Send GELF log messages to Syslog-NG server</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">
While syslog-ng can send logs in GELF format, I don't see anything in<br>
the documentation about it being able to receive (accept) them in this<br>
format.<br>
<br>
Steve<br>
<br>
On 8/20/2024 9:54 PM, Roberto Carna wrote:<br>
> Hi people, a Graylog server is sending GELF log messages to my Syslog-NG<br>
> server listening on the UDP/514 port.<br>
><br>
> But when I was reading the message, I noticed it's in binary format.<br>
> Maybe syslog-ng service converts GELF to binary, because the log is<br>
> not in syslog format.<br>
><br>
> Is it possible to make Syslog-NG listen on the UDP/12201 port for<br>
> incoming GELF messages, in addition to UDP/514 syslog port?<br>
><br>
> Or what can I do to accept GELF messages in the Syslog-NG server and<br>
> then read them in ASCII format?<br>
><br>
> Thanks a lot!<br>
<br>
</div>
</span></font></div>
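<div>Added example, not part of the original thread and not syslog-ng or Graylog code: GELF over UDP may be gzip- or zlib-compressed and split into chunks, which is one reason a datagram captured on a syslog port can look binary. The Python below identifies the framing from the leading bytes and decodes a payload to readable JSON; the sample event, its host name and the size cap are assumptions made for the example.</div>

```python
import gzip
import json
import zlib

CHUNK_MAGIC = b"\x1e\x0f"  # GELF chunk header: magic(2) + message id(8) + seq(1) + count(1)
MAX_DECODED = 1 << 20      # assumed cap, so a small datagram cannot inflate without bound
# Constructed sample event; host and message text are placeholders.
SAMPLE = {"version": "1.1", "host": "graylog.example", "short_message": "constructed event", "level": 6}

def classify(datagram):
    """Name the GELF-over-UDP framing from the first bytes of the payload."""
    if datagram[:2] == CHUNK_MAGIC:
        return "chunked"
    if datagram[:2] == b"\x1f\x8b":
        return "gzip"
    # zlib header: deflate method in the low nibble, 16-bit check value divisible by 31
    if len(datagram) >= 2 and (datagram[0] & 0x0F) == 8 and int.from_bytes(datagram[:2], "big") % 31 == 0:
        return "zlib"
    if datagram.lstrip()[:1] == b"{":
        return "json"
    return "unknown"

def reassemble(chunks):
    """Join the chunks of one message, in any arrival order, into its payload."""
    if not chunks:
        raise ValueError("no chunks")
    parts, first = {}, chunks[0]
    for c in chunks:
        if len(c) < 12 or c[:2] != CHUNK_MAGIC or c[2:10] != first[2:10] or c[11] != first[11] or c[10] >= c[11]:
            raise ValueError("malformed or mismatched GELF chunk")
        parts[c[10]] = c[12:]
    if len(parts) != first[11]:
        raise ValueError("missing chunks")
    return b"".join(parts[i] for i in range(first[11]))

def decode(datagram):
    """Return the GELF event as a dict, inflating gzip or zlib payloads under the cap."""
    kind = classify(datagram)
    if kind == "json":
        return json.loads(datagram)
    if kind not in ("gzip", "zlib"):
        raise ValueError(f"cannot decode {kind} payload directly")
    inflater = zlib.decompressobj(wbits=47)  # 32 + 15: accept a gzip or a zlib header
    raw = inflater.decompress(datagram, MAX_DECODED)
    if inflater.unconsumed_tail:
        raise ValueError("decompressed payload exceeds cap")
    return json.loads(raw)

if __name__ == "__main__":
    wire = gzip.compress(json.dumps(SAMPLE).encode())
    print(classify(wire), decode(wire))
```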
</body>
</html>