I have two graylog servers, one on an older version of graylog (server 1) that is receiving logs (version 1).
I have another graylog server (version 2), let's call it server 2 that I would like to send all the logs received at server 1 to. I would like to have a way to send all the logs received by server 1 to server 2...
You can create a "Catchall" stream which will include all ingested messages (e. g. check for the presence of the timestamp message field) and then assign a GELF output to that stream.
This would, additionally to indexing everything in ES, send all messages to your second Graylog cluster.
Related
I am writing a ROS Node, and I am currently using ROS_INFO and ROS_ERROR for messages that are shown directly on the console. Now I want to switch to syslog and I want to use the syslog function for C.
That already works fine when I duplicate the log message and send it with syslog and ROS_INF/ERROR at the same time. But now I always have two line codes for the same error message in the code. Is there an easy way to show the syslog messages also on the console?!
Br Harald
Seems like rosconsole has multiple backends and you might be able to change that at compile time. Take a look at this thread
I'm running a graylog collector sidecar (https://github.com/digiapulssi/graylog-sidecar) to send logs to my graylog. The collector is running successfully and I'm able to see the logs in my web interface.
I'm collecting logs from several sources-I have tagged them accordingly (syslog, apache, kafka, etc).
Question: Is there any way to know which tag triggers the collection of the message? For every message I see information like
tags
["apache","kafka","syslog"]
I'm really new to graylog...
I am trying to setup load balanced environment having 2 application server instances. I am unable to make spring web socket relay messages to all instances. Let's take a example to describe my problem better:
Server 1 : Responsible for job executions and 35% user load.
Server 2 : 100% user load.
Both are connected to same database schema so job request can come for any server instance but will get executed on Server 1.
Now, I have used spring web socket plugin for my GRAILS application and I push messages to browser using
brokerMessagingTemplate.convertAndSend(user.notificationChannel, ((notification.toMap(user) as JSON)).toString())
It was working fine on single server setup. But on multi-server setup,
notifications are only received on Server 1 as that is the one calling the code block, if reverse the scenario, then vice-versa result is observed.
How can I push same notification to all server instances, so that user always gets the notification no matter what server instance he is on?
I initially thought of utilising a common queue like RabitMQ but that will add to system requirements and will get disapproved by client.
NOTE: Third party service solutions won't work in my case as applications are on intranet and don't have internet access.
websockets by default point to a hostname/ip address - whilst you could setup a dns record / hostname that points to multiple different ip's / servers. This itself would break communication flow of the websockets if it sent handshake to one and the message to another.
The most simplest approach would be to think of some db table that is shared across both and as each instance comes up/alive it records its local ip / socket port to a db table - each instance can then read this table and work out at any point which are the hosts to transmit a socket message to - (this table would need to managed somehow - upon a brand new bootup ) it would be empty and would popuplate as instances came up - something again to manage when a host is taken down shutdown.
Each instance would then be running an ws internal client. When a message is sent the ws client would be triggered attempting to find all alive websocket servers "from the db" to each using the ws client it would attempt to connect and send the message on. Each would then get the message and either broadcast to all connected users or if it is from user x meant for user x then like per chat plugin it would relay it only to user x if found on server y and so on.
this then keeps it all inline with 1 technology controlling the entire process websocket server that has its own client which relay to the end multiple instance ws socket server
Is there any way that I can send a bunch of existing log files (json content) to graylog? I found few posts googling, but all deal with sending live data to graylog, and unable to find any instructions on how to send existing log file
There are various options for sending existing log messages (text files) to Graylog.
The most basic option to send line-delimited log messages (i. e. not multiline) would be to create a Raw/Plaintext TCP input and send the complete file using something like netcat (nc, netcat, ncat, socat, etc.).
# Raw/Plaintext TCP on port 5555/tcp
$ nc graylog.example.org 5555 < /path/to/file
If you like it a bit more fancy (with some preprocessing of the log file and buffering of log messages), you could create a Beats input and use Filebeat to send the file.
I configured a message processor in ESB WSO2. every now and then, all the messages are not carried out and they stay pending in the queue (message broker)
I can I can find only this log in the ESB console
"BlockingMessageSender of message processor [SAPMoveMaterialMessageProcessor] failed to send message to the endpoint"
My questions:
1, how and where can I see the real reason (detailed logs, error msg) why the message processor could not be sent out? I have defined a Fault sequence on the message processor but shows nothing
2, in case that I get this issue in the production environment is there a way how to "copy" a pending message (from the message broker queue) to my DEV environment and debug it there?
thank you very much for your ideas!
AFAIK you can get more details from enabling DEBUG logs related to message processors. You can get these in the server management console tools- >'logging' and doing a search for matches which contains 'messageprocessor' and make the log level to DEBUG.
eg:
org.wso2.carbon.message.processor.service.MessageProcessorAdminService
org.wso2.carbon.message.processor.MessageProcessorServiceComponent
As a solution for this you can try out by using a clone mediator (the use of clone mediator here is to make multiple identical copies of the message) inside the fault sequence (when pending message gets fail to consume) to persist to a database - may be to your dev environment.