Send GELF log messages to Syslog-NG server
Hi people, a Graylog server is sending GELF log messages to my Syslog-NG server listening on the UDP/514 port. But when I was reading the message, I noticed it's in binary format. Maybe syslog-ng service converts GELF to binary, because the log is not in syslog format. Is it possible to make Syslog-NG listen on the UDP/12201 port for incoming GELF messages, in addition to UDP/514 syslog port? Or what can I do to accept GELF messages in the Syslog-NG server and then read them in ASCII format? Thanks a lot!
While syslog-ng can send logs in GELF format, I don't see anything in the documentation about it being able to receive (accept) them in this format.

Steve

On 8/20/2024 9:54 PM, Roberto Carna wrote:
Hi people, a Graylog server is sending GELF log messages to my Syslog-NG server listening on the UDP/514 port.
But when I was reading the message, I noticed it's in binary format. Maybe syslog-ng service converts GELF to binary, because the log is not in syslog format.
Is it possible to make Syslog-NG listen on the UDP/12201 port for incoming GELF messages, in addition to UDP/514 syslog port?
Or what can I do to accept GELF messages in the Syslog-NG server and then read them in ASCII format?
Thanks a lot!
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi,

That's right: there is no GELF source in syslog-ng. However, you should be able to send logs from Graylog using one of the syslog protocols, and those are pretty well supported by syslog-ng 🙂

Peter

Peter Czanik (CzP) <peter.czanik@oneidentity.com>
Balabit (a OneIdentity company) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik

________________________________
From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Steve Bernacki <steve@copacetic.net>
Sent: Wednesday, August 21, 2024 13:13
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>; Roberto Carna <robertocarna36@gmail.com>
Subject: Re: [syslog-ng] Send GELF log messages to Syslog-NG server

While syslog-ng can send logs in GELF format, I don't see anything in the documentation about it being able to receive (accept) them in this format.

Steve

On 8/20/2024 9:54 PM, Roberto Carna wrote:
Hi people, a Graylog server is sending GELF log messages to my Syslog-NG server listening on the UDP/514 port.
But when I was reading the message, I noticed it's in binary format. Maybe syslog-ng service converts GELF to binary, because the log is not in syslog format.
Is it possible to make Syslog-NG listen on the UDP/12201 port for incoming GELF messages, in addition to UDP/514 syslog port?
Or what can I do to accept GELF messages in the Syslog-NG server and then read them in ASCII format?
Thanks a lot!
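An added example, not part of the thread and not syslog-ng or Graylog code: GELF datagrams on UDP may be gzip- or zlib-compressed and split into chunks, which makes them look binary to a plain syslog listener. This Python decoder turns such datagrams back into JSON; the size caps, class name and sample record are assumptions made for the example.

```python
import gzip
import json
import zlib

CHUNK_MAGIC = b"\x1e\x0f"      # first two bytes of a chunked GELF datagram
MAX_CHUNKS = 128               # GELF limit on chunks per message
MAX_JSON_BYTES = 1 << 20       # assumed cap on decompressed size
MAX_PENDING = 1024             # assumed cap on half-received messages

def decompress(payload, limit=MAX_JSON_BYTES):
    """Return the JSON bytes of a complete GELF payload."""
    if payload[:2] == b"\x1f\x8b" or payload[:1] == b"\x78":   # gzip or zlib
        # wbits=47 auto-detects both headers; max_length bounds the output
        out = zlib.decompressobj(wbits=47).decompress(payload, limit + 1)
        if len(out) > limit:
            raise ValueError("decompressed GELF payload exceeds limit")
        return out
    return payload                                             # plain JSON

class GelfReassembler:
    """Feed UDP datagrams; returns a dict once a message is complete."""
    def __init__(self):
        self.pending = {}      # message id -> {sequence number: chunk data}

    def feed(self, datagram):
        if datagram[:2] == CHUNK_MAGIC:
            if len(datagram) < 12:
                raise ValueError("truncated GELF chunk header")
            msg_id, seq, count = datagram[2:10], datagram[10], datagram[11]
            if not 0 < count <= MAX_CHUNKS or seq >= count:
                raise ValueError("invalid GELF chunk numbering")
            if msg_id not in self.pending and len(self.pending) >= MAX_PENDING:
                self.pending.pop(next(iter(self.pending)))     # drop oldest
            parts = self.pending.setdefault(msg_id, {})
            parts[seq] = datagram[12:]
            if any(i not in parts for i in range(count)):
                return None                                    # incomplete
            del self.pending[msg_id]
            datagram = b"".join(parts[i] for i in range(count))
        return json.loads(decompress(datagram))

def sample_datagrams():
    """Constructed input: one gzip datagram and one two-chunk message."""
    record = {"version": "1.1", "host": "gl.example", "short_message": "login failed"}
    raw = json.dumps(record).encode()
    head = CHUNK_MAGIC + b"ABCDEFGH"                           # 8-byte id
    half = len(raw) // 2
    return record, gzip.compress(raw), [head + bytes([1, 2]) + raw[half:],
                                        head + bytes([0, 2]) + raw[:half]]
```

A receiver would call `feed()` on each datagram read from a UDP socket bound to port 12201 and write the returned dict out as text, for example as one JSON line per message.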
participants (3)
- Peter Czanik (pczanik)
- Roberto Carna
- Steve Bernacki