0

我已经通过 NXlog 成功将日志发送到 Graylog2。但是 NXlog 和 Graylog2 都在同一台服务器上运行。现在我想通过 NXlog 从另一台服务器发送日志到 Graylog2,但根本不工作。你能帮我吗?这是我的 NXlog 配置:

User i_cdp
Group int

Panic Soft

#define CERTDIR /opt/cdp/nxlog/opt/var/lib/nxlog/cert
define CONFDIR /opt/cdp/nxlog/opt/var/lib/nxlog
define LOGDIR /opt/cdp/nxlog/opt/var/log/nxlog
define LOGFILE "%LOGDIR%/nxlog.log"

SpoolDir /opt/cdp/nxlog/opt/var/spool/nxlog

# default values:
PidFile /opt/cdp/nxlog/opt/var/run/nxlog/nxlog.pid
CacheDir /opt/cdp/nxlog/opt/var/spool/nxlog
ModuleDir /opt/cdp/nxlog/opt/libexec/nxlog/modules

<Extension _syslog>
    Module      xm_syslog
</Extension>


<Extension gelf>
    Module      xm_gelf
</Extension>

<Input in>
    Module      im_file
    File       "/opt/cdp/jboss-eap/jboss/standalone/log/*.log*"
    Exec if $raw_event =~ /(\d\d\d\d\-\d\d-\d\d \d\d:\d\d:\d\d)/ $EventTime = parsedate($1);
    Exec $Hostname = 'bsul0850';
    Exec if $raw_event =~ /ERROR/ $SyslogSeverityValue = 3; \
    else $SyslogSeverityValue = 6;
    Exec $FileName = file_name();
    Exec if $raw_event =~ /WARN/ $Message = 'IMPORTANT!! ' + $raw_event;
    Exec $SourceName = 'jboss';
</Input>


<Output out>
    Module   om_udp
    Host    10.41.66.84
    Port    12009
    OutputType GELF
</Output>


<Route r1>
    Path        in => out
</Route>

<Extension _charconv>
    Module      xm_charconv
    AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
</Extension>

<Extension _exec>
    Module      xm_exec
</Extension>

<Extension _fileop>
    Module      xm_fileop
    # Check the size of our log file every hour and rotate if it is larger than 5Mb
    <Schedule>
        Every   1 hour
        Exec    if (file_exists(%LOGFILE%) and (file_size(%LOGFILE%) >= 5M)) file_cycle(%LOGFILE%, 8);
    </Schedule>

    # Rotate our log file every week on sunday at midnight
    <Schedule>
        When    @weekly
        Exec    if file_exists(%LOGFILE%) file_cycle(%LOGFILE%, 8);
    </Schedule>
</Extension>

我已经打开了端口 12009,用于在带有 Nxlog 的服务器和带有 Graylog2 的服务器之间建立连接。然后我在 Graylog-Gui 上配置了一个输入: 输入(端口 12009 上的 GELF UDP) 但是当我检查连接时,我只得到:

[i_cdp@bsul0850 etc]$ ssh -vvv bsul0959 -p 12009
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to bsul0959 [10.41.66.84] port 12009.
debug1: connect to address 10.41.66.84 port 12009: Connection refused
ssh: connect to host bsul0959 port 12009: Connection refused

它说,拒绝。所以有一种联系,因为我没有超时或类似的东西,对吗?Graylog 服务器只是不接受连接。那么,我的配置有什么问题?Graylog 没有收到任何东西。

先感谢您 :)

4

1 回答 1

0

使用 ssh 检查打开的端口有点奇怪。请注意,ssh 使用 TCP,而 Graylog 正在侦听 UDP 端口,因此您需要对此进行不同的诊断。

于 2016-10-09T18:14:23.310 回答