debugging UDP GELF stream of messages

#1 lecko

Hi,

New to this community. I use nxlog community edition. My colleague sends from the source side (nxlog) hundreds of msgs in UDP GELF format to graylog syslog utility. Half of them are accepted, the other half get rejected with error "short_message" field is empty.

I tried tcpdump, but nothing visible can be seen. Is there a way that nxlog can be reconfigured, so that it will send msgs in a more readable format, so I can decide if it is OK that those msgs are rejected? It can even be sent to TCP.

Most important config details in nxlog:

Module xm_gelf
ShortMessageLength -1

Module im_file
File "C:\DNSLog\DNSDebug.txt"
SavePos TRUE
InputType LineBased

Module om_udp
Host x.x.x.x
Port yyyy
OutputType GELF

<Route 2>
    Path dns => out
</Route>

Module im_msvistalog
Exec if not ($Severity == 'ERROR' or $Severity == 'CRITICAL' or $EventID IN (624, 630, 631, 634, 635, 638, 658, 662, 4624, 4625, 4720, 4726, 4727, 4728, 4729, 4730, 4731, 4732, 4733, 4734, 4735, 4737, 4740, 4741, 4742, 4743, 4754, 4755, 4756, 4757, 4758, 4764, 4767)) drop();
Exec if ($EventID == 4769) drop();

Module om_udp
Host x.x.x.x
Port yyyz
OutputType GELF

<Route 1>
    Path in => out2
</Route>

Thanks in advance.

#2 b0ti Nxlog ✓
  • GELF_UDP is compressed with zlib. GELF_TCP is uncompressed. This makes it easier to check the payload with tcpdump/Wireshark.
  • You could try setting $ShortMessage manually.
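
Added example (not part of the original thread, and not NXLog or Graylog code): a Python decoder for GELF UDP payloads that undoes the zlib or gzip compression, reassembles chunked datagrams, and reports messages whose short_message is missing or blank. The sample datagrams, host name and function names are constructed for illustration.

```python
import gzip
import json
import zlib

CHUNK_MAGIC = b"\x1e\x0f"  # GELF chunk: magic, 8-byte message id, seq number, seq count

def inflate(payload):
    """Return the JSON bytes of one complete GELF payload, whatever its compression."""
    if payload[:2] == b"\x1f\x8b":   # gzip magic bytes
        return gzip.decompress(payload)
    if payload[:1] == b"\x78":       # zlib header byte
        return zlib.decompress(payload)
    return payload                   # already plain JSON

def decode_datagrams(datagrams):
    """Reassemble chunked datagrams and return the decoded GELF messages as dicts."""
    pending, messages = {}, []
    for dgram in datagrams:
        if dgram[:2] == CHUNK_MAGIC:
            msg_id, seq, count = dgram[2:10], dgram[10], dgram[11]
            parts = pending.setdefault(msg_id, {})
            parts[seq] = dgram[12:]
            if len(parts) < count:
                continue             # wait for the remaining chunks
            dgram = b"".join(parts[i] for i in range(count))
            del pending[msg_id]
        messages.append(json.loads(inflate(dgram)))
    return messages

def short_message_problem(msg):
    """Return a reason string if short_message is missing or blank, else None."""
    value = msg.get("short_message")
    if value is None:
        return "short_message missing"
    if not str(value).strip():
        return "short_message empty"
    return None

def sample_datagrams():
    """Constructed test input: one good message, one empty, one chunked without the field."""
    base = {"version": "1.1", "host": "dns01"}
    ok = zlib.compress(json.dumps({**base, "short_message": "query A example.test"}).encode())
    empty = zlib.compress(json.dumps({**base, "short_message": ""}).encode())
    big = gzip.compress(json.dumps({**base, "_EventID": 4624}).encode())
    half, mid = len(big) // 2, b"ABCDEFGH"
    first = CHUNK_MAGIC + mid + bytes([0, 2]) + big[:half]
    second = CHUNK_MAGIC + mid + bytes([1, 2]) + big[half:]
    return [ok, empty, second, first]   # chunks deliberately out of order

if __name__ == "__main__":
    for m in decode_datagrams(sample_datagrams()):
        print(short_message_problem(m) or "ok", m)
```

Pass it the raw UDP payload bytes from a capture, or from a socket bound to a test port that the sender is pointed at.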