3

I am using logstash to send messages to a graylog server. I have been successful in sending messages directly to elasticsearch, stdout, or loggly. I have also been successful in sending messages to the graylog server using cURL.

curl -XPOST http://graylog.example.org:12202/gelf -p0 -d '{"short_message":"Hello there", "host":"example.org", "facility":"test", "_foo":"bar"}'

Here is the command I am using to send data from logstash to graylog:

bin/logstash -e 'input { stdin {} } output { gelf {host => "graylog.example.org" port => 12202 } }' < LOG-10

File LOG-10 has log messages. I have tried port 12201 too. I looked into debug messages from logstash but that was also not useful.

user868643
  • Test the connectivity from the logstash machine to the graylog machine on that port (telnet or nc). Check the graylog logs. – Alain Collins Mar 31 '15 at 20:04
  • I am running curl and logstash on the same machine and using the same port. I did not see anything in the graylog logs corresponding to logstash. I am investigating port traffic; do you happen to know any good tools (netstat, tcpdump)? Thanks! – user868643 Mar 31 '15 at 21:18

1 Answer

3

It turns out that logstash gelf.rb is not using TCP, but UDP. https://github.com/Graylog2/gelf-rb/pull/21

I had to add "GELF UDP" as one of the graylog message inputs (responsible for accepting log messages). This can be accessed from the graylog web interface under system inputs.

user868643
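A way to confirm which transport a GELF sender actually uses, as an added example that is not part of the original answer or of gelf-rb: it binds the same loopback port on UDP and TCP, reports which one receives traffic, and decodes the datagram. The function names (`decode_gelf`, `probe_transport`, `send_gelf_udp`) and the sample message are constructed for illustration, and chunked GELF is not handled.

```ruby
require "socket"
require "json"
require "zlib"

# Decode one GELF UDP datagram: gzip, zlib or plain JSON payloads.
def decode_gelf(datagram)
  bytes = datagram.b
  raise ArgumentError, "chunked GELF not handled" if bytes.start_with?("\x1e\x0f".b)
  json =
    if bytes.start_with?("\x1f\x8b".b) then Zlib.gunzip(bytes)          # gzip magic
    elsif bytes.getbyte(0) == 0x78     then Zlib::Inflate.inflate(bytes) # zlib header
    else bytes                                                           # plain JSON
    end
  JSON.parse(json.force_encoding(Encoding::UTF_8))
end

# Listen on the same port over UDP and TCP; report which transport the sender used.
# Port 0 lets the OS pick a free port, which is passed to the optional block.
def probe_transport(port, timeout: 5, host: "127.0.0.1")
  udp = UDPSocket.new
  udp.bind(host, port)
  port = udp.addr[1]
  tcp = TCPServer.new(host, port)
  yield port if block_given?
  ready, = IO.select([udp, tcp], nil, nil, timeout)
  return { transport: :none } unless ready
  if ready.include?(udp)
    data, = udp.recvfrom(65_535)
    { transport: :udp, message: decode_gelf(data) }
  else
    { transport: :tcp } # a TCP or HTTP sender connected instead
  end
ensure
  udp&.close
  tcp&.close
end

# Constructed sender standing in for a GELF UDP client (zlib-compressed JSON).
def send_gelf_udp(host, port, fields)
  payload = Zlib::Deflate.deflate(JSON.generate({ "version" => "1.1" }.merge(fields)))
  sock = UDPSocket.new
  sock.send(payload, 0, host, port)
ensure
  sock&.close
end

if __FILE__ == $PROGRAM_NAME
  msg = { "host" => "example.org", "short_message" => "Hello there", "_foo" => "bar" }
  p probe_transport(0) { |port| send_gelf_udp("127.0.0.1", port, msg) }
end
```

To check a real sender, stop the Graylog input, call `probe_transport` with the port the sender is configured for (12202 in the question) and no block, then start the sender.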