Hi,
I've got a logstash configuration I can't quite get to work. I'm attempting to use a lumberjack input and a syslog input and ship the received messages to a file output and a GELF output. The GELF receiver is a Graylog server.
The messages coming into the Lumberjack input seem to be going to both the files and the Graylog server. The messages from syslog are being written to the files, but aren't showing up in Graylog. I'm assuming that they aren't being sent, but I'm unsure how to confirm that.
I am using logstash 1.4.2. The configuration file is this:
input {
  lumberjack {
    # The port to listen on
    port => 30306
    ssl_certificate => "/etc/pki/tls/certs/logfiles.crt"
    ssl_key => "/etc/pki/tls/keys/logstash.key"
    type => "log-central"
  }
  syslog {
    port => 1514
    add_field => {"file" => "/var/log/maillog"}
    type => "syslog"
  }
}
filter {
  grok {
    match => ["file", "%{GREEDYDATA}/%{GREEDYDATA:filename}$"]
  }
  mutate {
    type => "syslog"
    replace => [ "host", "%{logsource}"]
  }
}
output {
  gelf {
    host => 'log01.lax'
  }
  file {
    path => '/data/logs/%{host}/%{filename}'
  }
}
Any help getting the syslog entries sent out the GELF interface would be appreciated.
Thanks,
Chuck
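
One way to confirm whether the syslog events actually leave Logstash over GELF, as an added example that is not part of the original post: a small UDP listener that decodes GELF datagrams (gzip, zlib, uncompressed and chunked) and prints one line per event. The bind address, UDP port 12201 and all function names are assumptions made for this example.

```python
import gzip, json, socket, zlib

CHUNK_MAGIC = b"\x1e\x0f"  # GELF chunk header: magic, 8-byte id, seq, count

def _inflate(payload):
    """GELF UDP payloads are gzip, zlib, or uncompressed JSON."""
    if payload[:2] == b"\x1f\x8b":
        return gzip.decompress(payload)
    if payload[:1] == b"\x78":
        return zlib.decompress(payload)
    return payload

def decode_gelf(datagram, pending):
    """Return the GELF message as a dict, or None while chunks are missing.

    `pending` is a caller-owned dict holding partially received messages.
    """
    if datagram[:2] == CHUNK_MAGIC:
        msg_id, seq, count = datagram[2:10], datagram[10], datagram[11]
        parts = pending.setdefault(msg_id, {})
        parts[seq] = datagram[12:]
        if any(i not in parts for i in range(count)):
            return None
        datagram = b"".join(parts[i] for i in range(count))
        del pending[msg_id]
    return json.loads(_inflate(datagram).decode("utf-8"))

def summarize(msg):
    """One line per event: GELF host, short_message and the "_" extras."""
    extras = {k: v for k, v in msg.items() if k.startswith("_")}
    return "host=%r short_message=%r extras=%r" % (
        msg.get("host"), msg.get("short_message"), extras)

def listen(bind="0.0.0.0", port=12201):  # assumed address and port
    pending = {}
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, peer = sock.recvfrom(65535)
        try:
            msg = decode_gelf(data, pending)
        except (ValueError, OSError, EOFError, zlib.error) as exc:
            print("undecodable datagram from %s: %s" % (peer[0], exc))
            continue
        if msg is not None:
            print(peer[0], summarize(msg))

if __name__ == "__main__":
    listen()
```

Run it on a host that is not already listening on that port and temporarily point the gelf output's `host` at it. If events from the syslog input print here, Logstash is sending them and the place to look next is the receiving side.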