[syslog-ng] Syslog-ng + graylog2 destination
László Pál
vlad at vlad.hu
Mon Oct 14 11:58:20 UTC 2019
Hi,
I’m playing with syslog-ng OSE and Graylog. In this project I try to find the best method to deliver logs from my central log server to Graylog. So far, it seems graylog2 destination looks the best, however I have a strange issue and I can’t find a solution
It seems the other side permanenty drops the connections like this
Oct 14 13:53:20 lumberjack syslog-ng[2174]: Casting error; value='', type-hint='int32'
Oct 14 13:53:20 lumberjack syslog-ng[2174]: I/O error occurred while writing; fd='481', error='Connection reset by peer (104)'
Oct 14 13:53:20 lumberjack syslog-ng[2174]: Syslog connection broken; fd='481', server='AF_INET(10.72.0.137:12201)', time_reopen='10'
Oct 14 13:53:30 lumberjack syslog-ng[2174]: Syslog connection established; fd='501', server='AF_INET(10.72.0.137:12201)', local='AF_INET(0.0.0.0:0)’
My destination config is quite simple
#Graylog native GELF destination
destination d_graylog_gelf {
graylog2(
log_fifo_size(500000)
host("10.72.0.137")
transport (tcp)
);
};
I’ve tried this with flow-control and w/o flow-control, so I think it must be some tuning issue either on Graylog side or at Syslog. What is interesting, is I don’t have such an issue if I use raw-tcp or syslog destinations toward Graylog
Thx
L:
More information about the syslog-ng
mailing list