[syslog-ng] Send GELF log messages to Syslog-NG server

Wed Aug 21 11:25:09 UTC 2024

Hi,

That's right: there is no GELF source in syslog-ng. However, you should be able to send logs from Graylog using one of the syslog protocols, and those are pretty well supported by syslog-ng 🙂

Peter

Peter Czanik (CzP) <peter.czanik at oneidentity.com>
Balabit (a OneIdentity company) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik

________________________________
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Steve Bernacki <steve at copacetic.net>
Sent: Wednesday, August 21, 2024 13:13
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>; Roberto Carna <robertocarna36 at gmail.com>
Subject: Re: [syslog-ng] Send GELF log messages to Syslog-NG server

CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.

While syslog-ng can send logs in GELF format, I don't see anything in
the documentation about it being able to receive (accept) them in this
format.

Steve

On 8/20/2024 9:54 PM, Roberto Carna wrote:
> Hi people, a Graylog server is sending GELF log messages to my Syslog-NG
> server listening on the UDP/514 port.
>
> But when I was reading the message, I noticed it's in binary format.
> Maybe syslog-ng service converts GELF to binary, because the log is
> not in syslog format.
>
> Is it possible to make Syslog-NG listen on the UDP/12201 port for
> incoming GELF messages, in addition to UDP/514 syslog port ?
>
> Or what can I do to accept GELF messages in the Syslog-NG server and
> then read them in ASCII format ?
>
> Thanks a lot!
> ______________________________________________________________________________
> Member info: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=05%7C02%7Cpeter.czanik%40oneidentity.com%7Ce8b871b86e194dbefc1c08dcc1d352f1%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C638598360599432939%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Pg4BURnxukMXDg6%2F1lcspXD0UPQwdh2MEyjcPy73v%2BI%3D&reserved=0<https://lists.balabit.hu/mailman/listinfo/syslog-ng>
> Documentation: https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=05%7C02%7Cpeter.czanik%40oneidentity.com%7Ce8b871b86e194dbefc1c08dcc1d352f1%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C638598360599445336%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=LGQyNZ4hkY%2FmlIOqL9xFi%2B5ObVtSPWNYOkcYksgRwrw%3D&reserved=0<http://www.balabit.com/support/documentation/?product=syslog-ng>
> FAQ: https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=05%7C02%7Cpeter.czanik%40oneidentity.com%7Ce8b871b86e194dbefc1c08dcc1d352f1%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C638598360599454298%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=VuBoDxRUrH%2BZZl%2Ba0739qU0ye4WkDSn3SdGQBQW6r0g%3D&reserved=0<http://www.balabit.com/wiki/syslog-ng-faq>
>
______________________________________________________________________________
Member info: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=05%7C02%7Cpeter.czanik%40oneidentity.com%7Ce8b871b86e194dbefc1c08dcc1d352f1%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C638598360599460878%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=xubmGE8kVP1CV6oLUZvOEJ8PjV7H%2FTXH6EoYP%2F4MxQw%3D&reserved=0<https://lists.balabit.hu/mailman/listinfo/syslog-ng>
Documentation: https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=05%7C02%7Cpeter.czanik%40oneidentity.com%7Ce8b871b86e194dbefc1c08dcc1d352f1%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C638598360599468985%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=W%2FoZW9qq4M70b1JvahiY86BXpimbOf5SZfCmUTYjpGg%3D&reserved=0<http://www.balabit.com/support/documentation/?product=syslog-ng>
FAQ: https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=05%7C02%7Cpeter.czanik%40oneidentity.com%7Ce8b871b86e194dbefc1c08dcc1d352f1%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C638598360599474309%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Xp8VzUleJYP5RXUPXoKoup6Q%2BzhgT8CNHFgRueFXDZ0%3D&reserved=0<http://www.balabit.com/wiki/syslog-ng-faq>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20240821/d7850ef7/attachment-0001.htm>