Skip to Content

Sending Data to the Graylog by using GELF and get the Logging data on Graylog console:

As Graylog principle that it get the Logging information by sending the data from our application layer.

1.Create the Input in the Graylog and Create the Content pack

2.Export/Download the content pack

3.Upload the Content Pack

4.Configure the GELF library for Logback library

5.Configure the logback.xml file

6.Run the application

7.Check the logging data in the Graylog Console.

1.Create the Input in the Graylog and Create the Content pack:

Configure the input in the Graylog for GELF TCP:

1.Select GELF TCP

pastedImage_0.jpg

2.Click on the “Launch new input” button and enter the required details as like below screen,

pastedImage_1.jpg

3.Click on the “Launch” button.

then you should see the Gelfjava(GELF TCP) input appear on the Graylog console.

   
  pastedImage_2.jpg

2.Export/Download the content pack:

Content pack:Content packs are bundles of Graylog input, extractor, stream, dashboard, and output configurations that can provide full support for a data source. Content packs are available in the Graylog the marketplace , so required Content Packs can be imported using the Graylog web interface.

Go to System-> Select Content Packs->Click on Create a content pack button.

 
  pastedImage_3.jpg

Then page will be navigated to the “Create a content pack” page and fill the required fields.

  
 
  pastedImage_4.jpg

Then click on the “Download my content pack” button which locates at the same page I.e Create a content pack page. So one content-pack.json file will be downloaded.

 
  pastedImage_5.jpg

Later downloaded the file “content-pack.json” and save at a system drive.

Then go back to the Content Packs, click on the button “Import content pack”

pastedImage_6.jpg

3.Upload the Content Pack:

Click on the Choose File button and select content_pack.json file from system and “click” upload button.

pastedImage_7.jpg

  Later created content pack is located in the same Content Packs page with Category name(here Operating Systems).

Click on this Category name(here Operating Systems) , then Content pack name (here logback-Gelf) will be appeared which is created by us. Select the Radio Button->click on the Apply content button.

pastedImage_8.jpg

  Then will get message on top of the page like “Success! Bundle applied successfully

pastedImage_9.jpg

4.Configure the GELF library for Logback library:

GELF / Sending from applications:

The Graylog Extended Log Format (GELF) is a log format that avoids the shortcomings of classic plain syslog and is perfect to logging from your application layer. It comes with optional compression, chunking and most importantly a clearly defined structure. There are dozens of GELF libraries for many frameworks and programming languages to get you started.

Here I chosen logback-gelf library .

  Setup with our application:

Add dependency in the POM.xml file of MAVEN,

   <dependency>

<groupId>me.moocar</groupId>

<artifactId>logback-gelf</artifactId>

<version>0.3</version>

</dependency>

5.Configure the logback.xml file :

Add the logback.xml file in the application.

Configurations in the logback.xml,

  1. Add the RemoteHost
  2. Add the Port Number
  3. Add the Host

  <?xml version=“1.0” encoding=“UTF-8”?>

<configuration>

<!–Use TCP instead of UDP–>

<appender name=“GELF TCP APPENDER” class=“me.moocar.logback.net.SocketEncoderAppender”>

<remoteHost>000.00.00.00</remoteHost>

<port>12201</port>

<encoder class=“ch.qos.logback.core.encoder.LayoutWrappingEncoder”>

<layout class=“me.moocar.logbackgelf.GelfLayout”>

<!–An example of overwriting the short message pattern–>

<shortMessageLayout class=“ch.qos.logback.classic.PatternLayout”>

<pattern>%ex{short}%.100m</pattern>

</shortMessageLayout>

<!– Use HTML output of the full message. Yes, any layout can be used (please don’t actually do this)–>

<fullMessageLayout class=“ch.qos.logback.classic.html.HTMLLayout”>

  <pattern>%relative%thread%mdc%level%logger%msg</pattern>

</fullMessageLayout>

<useLoggerName>true</useLoggerName>

<useThreadName>true</useThreadName>

<useMarker>true</useMarker>

<host>000.00.00.00</host>

  <additionalField>ipAddress:_ip_address</additionalField>

  <additionalField>requestId:_request_id</additionalField>

<includeFullMDC>true</includeFullMDC>

<fieldType>requestId:long</fieldType>

<!–Facility is not officially supported in GELF anymore, but you can use staticFields to do the same thing–>

<staticField class=“me.moocar.logbackgelf.Field”>

<key>_facility</key>

<value>Gelfjava</value>

</staticField>

</layout>

</encoder>

</appender>

<root level=“debug”>

<appender-ref ref=“GELF TCP APPENDER” />

</root>

</configuration>

 
  6.Run the application:

Run the application.

pastedImage_10.jpg

Then Go to browser and refresh the Graylog URL and click System->Inputs and then you should see the below screen.

pastedImage_11.jpg

  Note: As per above screen you can find round red color at top center, it is because of that if already Gelfjava(GELF TCP) is available then Graylog server says that the particular connection is available. For this link graylog server made as failed connection.

So as a Graylog administrator can able to delete failed connection.

7.Check the logging data in the Graylog Console:

Then you can Click on the “Show Received Messages”,later you we can see the collection of/bundles of log messages as below screen.

pastedImage_12.jpg

Some times will get “Nothing Found” instead of above screen,










then we have to set the Port numbers in the System Network of Remote Host.

Refer Links:1. Overview on the Graylog

                  2.Installation Steps of Graylog-Part1

                  3.Installation Steps of Graylog-Part2

                  4.Demo On Configuring Graylog input and get messages

To report this post you need to login first.

Be the first to leave a comment

You must be Logged on to comment or reply to a post.

Leave a Reply