3
responses

My Setup:

  • Graylog2 server to collect logs
  • Ubuntu machine running Zimbra sending logs from various Zimbra logfiles in GELF format

My problem:

  • Messaged received by Graylog are truncated.

Here is an actual message as it appeared on my Ubuntu server's "mailbox.log" file (please note that I have X'd out the email address):

2016-06-12 08:51:17,832 INFO  [ImapSSLServer-95] [name=XXXXXXX@XXX.org;ip=10.10.48.74;ua=iPod touch Mail/13C75;] imap - ID elapsed=0

Here is the log as received by Graylog:

2016-06-12 08:51:17,832 INFO [ImapSSLServer-95] [name=XXXXXXX

All message seem to be truncated after exactly the same number of characters. I cannot seem to figure this out and would love some help. Below I have pasted my nxlog.conf file:

## This is a sample configuration file. See the nxlog reference manual about the

## configuration options. It should be installed locally under

## /usr/share/doc/nxlog-ce/ and is also available online at

## http://nxlog.org/docs

########################################

# Global directives                    #

########################################

User nxlog

Group nxlog

LogFile /var/log/nxlog/nxlog.log

LogLevel INFO

########################################

# Modules                              #

########################################

<Extension gelf>

    Module      xm_gelf

</Extension>

<Extension syslog2>

    Module    xm_syslog

</Extension>

<Input mailbox.log>

        Module  im_file

        File    "/opt/zimbra/log/mailbox.log"

    InputType LineBased

    SavePos    TRUE

</Input>

<Input access_log>

    Module    im_file

    File    "/opt/zimbra/log/access_log*"

    SavePos True

</Input>

<Input audit.log>

    Module    im_file

    File    "/opt/zimbra/log/audit.log"

    SavePos    TRUE

</Input>

<Input clamd.log>

    Module    im_file

    File    "/opt/zimbra/log/clamd.log"

    SavePos    TRUE

</Input>

<Input freshclam.log>

    Module    im_file

    File    "/opt/zimbra/log/freshclam.log"

    SavePos    TRUE

</Input>

<Input mysql_error.log>

    Module    im_file

    File    "/opt/zimbra/log/mysql_error.log"

    SavePos TRUE

</Input>

<Input mail.log>

    Module    im_file

    File    "/var/log/mail.log"

    SavePos TRUE

</Input>

<Input zimbra.log>

    Module im_file

    File    "/var/log/zimbra.log"

    SavePos TRUE

</Input>

<Input syslog>

    Module im_file

    File    "/var/log/syslog"

    SavePos    TRUE

</Input>

<Input zimbra-stats.log>

    Module im_file

    File    "/var/log/zimbra-stats.log"

    SavePos TRUE

</Input>

<Output out>

    Module      om_udp

    Host        10.10.90.45

    Port        5407

    Exec    to_syslog_snare();

</Output>

<Output out2>

    Module    om_udp

    Host    10.10.90.45

    Port    5413

    OutputType    GELF

</Output>

########################################

# Routes                               #

########################################

<Route 1>

    Path        mailbox.log => out

</Route>

<Route 2>

    Path    access_log => out

</Route>

<Route 3>

    Path    audit.log => out

</Route>

<Route 4>

    Path    clamd.log => out

</Route>

<Route 5>

    Path    freshclam.log => out

</Route>

<Route 6>

    Path    mysql_error.log => out

</Route>

<Route 7

    Path    mail.log => out

</Route>

<Route 8>

    Path    zimbra.log => out

</Route>

<Route 9>

    Path    syslog => out2

</Route>

<Route 10>

    Path    zimbra-stats.log => out

</Route>

 

AskedJune 12, 2016 - 9:19am

Answer (1)