如何导入旧的日志文件，以graylog作为输入？ [英] How to import old log files to graylog as input?

问题描述

我能够设置 graylog服务器并graylog的Web，并能设置输入生成的日志的Apache2，Tomcat和与 graylog集电极的结果帮助其他应用程序
例如。

I am able to to setup graylog-server and graylog-web and able to setup input for generated log of apache2, tomcat and other applications with the help of graylog-collector
e.g.

apache-access {
    type = "file"
    path = "/var/log/apache2/access.log"
    outputs = "gelf-tcp,console"
  }
tomcat-debug {
    type = "file"
    path = "/home/alok/packages/apache-tomcat-7.0.59/logs/mydomain.debug.log"
    outputs = "gelf-tcp,console"
  }

如何看到旧的日志文件登录graylog？我试图建立graylog集电极旧的日志文件，graylog是听它，但不能显示日志文件内容。如果有人知道实现这个请分享方式

How to see log from old log files in graylog? I tried to setup graylog-collector for old log file, graylog is listening to it but not showing content of log file. if someone know the way to achieve this please share

推荐答案

我能看到graylog的web我的旧日志文件（.log文件）的 logstash 。

I am able to see my old log files (.log file) in graylog-web with help of logstash.

我刚安装logstash创造的内容有一个简单的logstash配置文件

I just installed logstash and created a simple logstash configuration file having content

input {
  file {
    path => "/home/alok/Downloads/old_apache_access.log"
    start_position => "beginning"
  }
}

#filter {
#    add filter according to need
#}

output {
  gelf {
    host => "10.149.235.66"
 }
}

路径是我要导入到graylog我的旧日志文件的路径。结果
START_POSITION 从哪里读取日志行告诉logstash。结果
GELF 在graylog的格式输出日志。结果
主机是graylog服务器的地址。

path is path for my old log file that I want to import to graylog.
start_position tell logstash from where log lines to be read.
gelf to output logs in graylog's format.
host is address of graylog server.

现在我可以运行logstash读通过运行命令日志文件。结果
$ /选择/ logstash /斌/ logstash -f /etc/logstash/conf.d/logstash-simple.conf

now I can run logstash to read log file by running command.
$/opt/logstash/bin/logstash -f /etc/logstash/conf.d/logstash-simple.conf

现在我将graylog添加输入从logstash接收日志。对于在主菜单转到系统>>输入

Now I will add input in graylog for receiving logs from logstash. for that in main menu goto System >> Inputs

然后选择 GELF UDP 和劳克这个新选定的输入，并给予所有权这一点，最后点击启动按钮。

Then choose GELF UDP and lauch this newly selected input and give title to this and finally click on launch button.

现在人们可以看到新建的输入和点击查看收到的邮件，看日志

Now one can see newly created input and click on Show received messages to see logs

这篇关于如何导入旧的日志文件，以graylog作为输入？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！