GELF messages from Ubuntu are being truncated
My Setup:
- Graylog2 server to collect logs
- Ubuntu machine running Zimbra sending logs from various Zimbra logfiles in GELF format
My problem:
- Messaged received by Graylog are truncated.
Here is an actual message as it appeared on my Ubuntu server's "mailbox.log" file (please note that I have X'd out the email address):
2016-06-12 08:51:17,832 INFO [ImapSSLServer-95] [name=XXXXXXX@XXX.org;ip=10.10.48.74;ua=iPod touch Mail/13C75;] imap - ID elapsed=0
Here is the log as received by Graylog:
2016-06-12 08:51:17,832 INFO [ImapSSLServer-95] [name=XXXXXXX
All message seem to be truncated after exactly the same number of characters. I cannot seem to figure this out and would love some help. Below I have pasted my nxlog.conf file:
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally under
## /usr/share/doc/nxlog-ce/ and is also available online at
## http://nxlog.org/docs
########################################
# Global directives #
########################################
User nxlog
Group nxlog
LogFile /var/log/nxlog/nxlog.log
LogLevel INFO
########################################
# Modules #
########################################
<Extension gelf>
Module xm_gelf
</Extension>
<Extension syslog2>
Module xm_syslog
</Extension>
<Input mailbox.log>
Module im_file
File "/opt/zimbra/log/mailbox.log"
InputType LineBased
SavePos TRUE
</Input>
<Input access_log>
Module im_file
File "/opt/zimbra/log/access_log*"
SavePos True
</Input>
<Input audit.log>
Module im_file
File "/opt/zimbra/log/audit.log"
SavePos TRUE
</Input>
<Input clamd.log>
Module im_file
File "/opt/zimbra/log/clamd.log"
SavePos TRUE
</Input>
<Input freshclam.log>
Module im_file
File "/opt/zimbra/log/freshclam.log"
SavePos TRUE
</Input>
<Input mysql_error.log>
Module im_file
File "/opt/zimbra/log/mysql_error.log"
SavePos TRUE
</Input>
<Input mail.log>
Module im_file
File "/var/log/mail.log"
SavePos TRUE
</Input>
<Input zimbra.log>
Module im_file
File "/var/log/zimbra.log"
SavePos TRUE
</Input>
<Input syslog>
Module im_file
File "/var/log/syslog"
SavePos TRUE
</Input>
<Input zimbra-stats.log>
Module im_file
File "/var/log/zimbra-stats.log"
SavePos TRUE
</Input>
<Output out>
Module om_udp
Host 10.10.90.45
Port 5407
Exec to_syslog_snare();
</Output>
<Output out2>
Module om_udp
Host 10.10.90.45
Port 5413
OutputType GELF
</Output>
########################################
# Routes #
########################################
<Route 1>
Path mailbox.log => out
</Route>
<Route 2>
Path access_log => out
</Route>
<Route 3>
Path audit.log => out
</Route>
<Route 4>
Path clamd.log => out
</Route>
<Route 5>
Path freshclam.log => out
</Route>
<Route 6>
Path mysql_error.log => out
</Route>
<Route 7
Path mail.log => out
</Route>
<Route 8>
Path zimbra.log => out
</Route>
<Route 9>
Path syslog => out2
</Route>
<Route 10>
Path zimbra-stats.log => out
</Route>
This should help:
Exec $ShortMessage = $raw_event;
