Remote Syslog add GUI for draft-ietf-syslog-protocol-23


Recommended Posts

Graylog accepts remote syslog messages only if i manually set the protocol/format to RSYSLOG_SyslogProtocol23Format.

To do this you currently need to:

  • activate the Remote Syslog Server in the Settings GUI
  • Login via ssh as root and edit /etc/rsyslog.conf, add ";RSYSLOG_SyslogProtocol23Format" to the end of the syslog line
    *.* @@YOUR_REMOTE_SERVER_IP:514;RSYSLOG_SyslogProtocol23Format
  • Change something in the WEBUI again (not touching the remote syslog options) to reload the rsyslog service

 

After editing the config like this the GUI Options for the Remote syslog server seem to no longer have an effect.

 

Can you add a dropdown for the rsyslog format template options?

Edited by ap-wtioit
  • Like 1
Link to comment
  • 10 months later...

I think, that this is not only a valid (and unanswered) question but also a valuable "enhancement request". Not only for Graylog use case ...

from me: +1

 

Because rsyslog config via GUI is very rudimentary, an option to use a custom rsyslog.conf could be helpful.

Is there a recommendation to tune rsyslog via snippets in /etc/rsyslog.d/*.conf

 

Best regards

Oliver

Link to comment
  • 1 year later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.