标签: graylog

当使用 Gelf 记录器记录警报时，我收到此错误。

运行时异常

Failed to write to socket: fwrite(): send of 136 bytes failed with errno=111 Connection refused (8)

代码

$transport = new UdpTransport("127.0.0.1", 6379, UdpTransport::CHUNK_SIZE_LAN);

$publisher = new Publisher();
$publisher->addTransport($transport);

$message = new \Gelf\Message();
$message->setShortMessage("Foobar!")
        ->setLevel(\Psr\Log\LogLevel::ALERT)
        ->setFullMessage("There was a foo in bar")
        ->setFacility("example-facility")
;

$publisher->publish($message);

$logger = new \Gelf\Logger($publisher, "example-facility");
$logger->alert("Foobaz!"); //getting error here
dd($logger);

我正在这个端口上启动redis服务器6379。但不知道为什么我遇到 fwrite 问题。

在我的graylog服务器中，我想创建一个搜索值来查找以下查询：ctxt__Error:"User \"USERNAME\" not found."。但我想找到每个用户名的任何错误。当我这样做时，我的搜索字符串不起作用：ctxt__Error:"User \"*\" not found." 还有其他方法可以做到这一点吗？

我有以下内容docker-compose.yml（稍作修改，但从此处复制）：

version: '2'
services:
  mongodb:
    image: mongo:3
    volumes:
      - /storage/mongo_data:/data/db
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.6.1
    volumes:
      - /storage/es_data:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g
  graylog:
    image: graylog/graylog:3.0
    volumes:
      - /storage/graylog_journal:/usr/share/graylog/data/journal
    environment:
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/
    links:
      - mongodb:mongo
      - elasticsearch
    depends_on:
      - mongodb
      - elasticsearch
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_journal:
    driver: local

问题是，当我运行它时docker-compose，它失败了，因为graylog和elasticsearch服务分别无法访问/storage/graylog和 …

我能够设置graylog-server和graylog-web,并能够在graylog-collector的帮助下为apache2,tomcat和其他应用程序的生成日志设置输入,
例如

apache-access {
    type = "file"
    path = "/var/log/apache2/access.log"
    outputs = "gelf-tcp,console"
  }
tomcat-debug {
    type = "file"
    path = "/home/alok/packages/apache-tomcat-7.0.59/logs/mydomain.debug.log"
    outputs = "gelf-tcp,console"
  }

如何在graylog中查看旧日志文件中的日志？我试图为旧日志文件设置graylog-collector,graylog正在监听它,但没有显示日志文件的内容.如果有人知道实现这一目标的方法请分享

我是Docker和Graylog的新手.谁能告诉我一个如何将日志数据发送到Graylog服务器的示例？