Bernd Ahlers
Bernd Ahlers
I will try to answer some of @rgerhards questions. - `host` should contain the ip address or the hostname of the host that sends the message. In case of forwarding...
@jpmens True, we currently do not check this. :confused:
What about structured data? It would be nice if that can be broken up into GELF additional fields. Is that also possible with templates?
Some more notes: - The Graylog GELF TCP input currently uses a null-byte as message delimiter. This means using gzip compression does not work. :confused: - The GELF spec contains...
@friedl Yes, the null-byte delimiter is only for TCP connections. Default UDP should work, yes. I will test the template tomorrow.
The template that @friedl posted works for me on 7.4.4.
Yes, the current GELF version does not support hierarchies. For parsing RFC5424 in Graylog we are currently prefixing the keys with the SD-ID. (if configured) This isn't really nice but...
@Jeffrey778 The fixed will be part of the next stable release (5.0.7) that ships beginning of May. UPDATE: We will only backport fixes for security issues that affect Graylog.
@ceerad Feel free to open a PR for this. :slightly_smiling_face:
@ahus1 Thank you for the contribution! Graylog 4.0 now includes the core parts of this plugin by default and we are working on a similar change for that in https://github.com/Graylog2/graylog2-server/pull/9459.