1 file changed +41 -0
lines changed Original file line number Diff line number Diff line change @@ -16,6 +16,47 @@ Allows to send syslog messages with TCP or UDP formatted as plain text (classic)
1616 * Restart Graylog2
1717 * Create new output globally or inside stream.
1818
19+ ## How to configure
20+
21+ * Protocol: use tcp or udp
22+ * Host: Hostname with syslog
23+ * Port: Port for syslog, usually 514
24+ * Format: Specify one of plain, structured, full, cef or custom: FQCN (see below for explanation on values)
25+
26+ ## Supported formats
27+
28+ ### plain
29+
30+ Standard plain syslog format. Minimal information.
31+ Example:
32+ ````
33+ <14>Mar 31 19:19:02 nginx runit-service - GET /test1/x HTTP/1.1
34+ ````
35+
36+ ### structured
37+
38+ Based on rfc5424. Sends all fields + log message.
39+ Example:
40+ ````
41+ <14>1 2016-03-31T19:31:46.358Z graylog unknown - nginx [all@0 request_verb="GET" remote_addr="192.168.1.37" response_status="404" from_nginx="true" level="6" connection_requests="1" http_version="1.1" response_bytes="1906" source="nginx" message="GET /test1/2 HTTP/1.1" gl2_source_input="566c96abe4b094dfbc2661a8" version="1.1" nginx_access="true" http_user_agent="Wget/1.15 (linux-gnu)" remote_user="-" connection_id="1755" http_referer="-" request_path="/test1/2" gl2_source_node="bebd092c-85d7-49a3-8188-f7af734747fb" _id="34cb0f40-f777-11e5-b30c-0800276c97db" millis="0.002" facility="runit-service" timestamp="2016-03-31T19:31:46.000Z"] GET /test1/2 HTTP/1.1
42+ ````
43+
44+ ### cef
45+
46+ Common event format aka HP ArcSight format. This is Work in progress as I don`t have access to HP ArcSight instance. Please leave your feedback in issues.
47+
48+ ### full
49+
50+ A variation of structured format except full message is added.
51+ Example:
52+ ````
53+ <14>1 2016-03-31T19:19:02.524Z graylog unknown - nginx [all@0 request_verb="GET" remote_addr="192.168.1.37" response_status="404" from_nginx="true" level="6" connection_requests="1" http_version="1.1" response_bytes="1906" source="nginx" message="GET /test1/x HTTP/1.1" gl2_source_input="566c96abe4b094dfbc2661a8" version="1.1" nginx_access="true" http_user_agent="Wget/1.15 (linux-gnu)" remote_user="-" connection_id="970" http_referer="-" request_path="/test1/x" gl2_source_node="bebd092c-85d7-49a3-8188-f7af734747fb" _id="6d833da0-f775-11e5-b30c-0800276c97db" millis="0.002" facility="runit-service" timestamp="2016-03-31T19:19:02.000Z"] source: nginx | message: GET /test1/x HTTP/1.1 { request_verb: GET | remote_addr: 192.168.1.37 | response_status: 404 | from_nginx: true | level: 6 | connection_requests: 1 | http_version: 1.1 | response_bytes: 1906 | gl2_source_input: 566c96abe4b094dfbc2661a8 | version: 1.1 | nginx_access: true | http_user_agent: Wget/1.15 (linux-gnu) | remote_user: - | connection_id: 970 | http_referer: - | request_path: /test1/x | gl2_source_node: bebd092c-85d7-49a3-8188-f7af734747fb | _id: 6d833da0-f775-11e5-b30c-0800276c97db | millis: 0.002 | facility: runit-service | timestamp: 2016-03-31T19:19:02.000Z }
54+ ````
55+
56+ ### custom: FQCN
57+
58+ Specify your implementation of com.wizecore.graylog2.plugin.MessageSender interface.
59+
1960## Links
2061
2162 * https://tools.ietf.org/html/rfc5424
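Review bot: The new "How to configure" list (Protocol/Host/Port/Format) should say that both the tcp and udp options deliver messages in cleartext and that the structured and full formats forward every field of the message, as the examples show (remote_addr, gl2_source_input, gl2_source_node, _id are all included); one sentence recommending a trusted network path to the syslog host and pointing operators to "plain" where exporting all fields is not acceptable would close that gap. In the "custom: FQCN" section, document that the configured class is loaded and instantiated by the plugin, so it has to be on the Graylog classpath and only users trusted to deploy code should be able to set that output option. In the rfc5424 examples the HOSTNAME field is "graylog" while source="nginx" appears in the MSGID position, so a receiver keying on HOSTNAME will attribute every forwarded event to the Graylog node; either document this mapping or map source to HOSTNAME. Minor: "Based on rfc5424" should read "RFC 5424"; the SD-ID `all@0` uses enterprise number 0, which IANA reserves, whereas RFC 5424 expects a registered private enterprise number after the "@"; the four-backtick fences can be plain three-backtick fences; and "don`t" uses a backtick in place of the apostrophe.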
0 commit comments