英文:
Configuring Azure Activity Logs to Graylog / ELK
问题
我已将Azure活动日志导出到Blob存储。我正在使用Logstash 8.7.1版本,以及使用docker-compose将这些日志通过GelfUDP发送到Graylog的gelf输出。对于Logstash的输入,我使用Logstash的azure_blob_storage插件。
然而,Logstash无法将这些日志发送到Graylog。
我还通过stdout输出进行了检查。它显示来自Blob的所有消息。
问题可能是什么?或者我如何将Azure活动日志发送到Graylog?
英文:
I have exported Azure Activity Logs to Blob Storage.
I am using Logstash 8.7.1 version along with gelf output using docker-compose to ship these logs to Graylog using GelfUDP.
For Input of Logstash, using azure_blob_storage plugin of Logstash.
However Logstash is unable to send these logs to Graylog.
input {
azure_blob_storage {
connection_string => "DefaultEndpointsProtocol=https;AccountName=<BLOB_NAME>;AccountKey=<BLOB_ACCOUNT_KEY>;EndpointSuffix=core.usgovcloudapi.net"
container => "insights-activity-logs"
registry_create_policy => "start_over"
codec => "json"
addall => true
path_filters => ['**/*.json']
addfilename => true
prefix => "resourceId=/"
# Possible options: `do_not_break`, `with_head_tail`, `without_head_tail`
interval => 5
}
}
filter {
json {
source => "message"
}
mutate {
add_field => {"short_message" => ["This is short message"]}
add_field => { "host" => "127.0.0.1" }
}
date {
match => ["unixtimestamp", "UNIX"]
}
}
output {
gelf {
host => "127.0.0.1"
port => 12201
protocol => "UDP"
codec => "json"
}
}
I also checked with stdout output. it is showing all messages from blob.
What can be the issue? Or how can I ship Azure Activity logs to Graylog?
答案1
得分: 0
修复了这个问题,通过配置Gelf TCP输出和在Graylog中配置Gelf TCP输入。
工作正常的输出代码:
output {
gelf {
host => "127.0.0.1"
port => 12201
protocol => "TCP"
codec => "json"
}
}
英文:
Fixed this issue by configuring Gelf TCP Output and in Graylog Gelf TCP Input.
Working output code:
output {
gelf {
host => "127.0.0.1"
port => 12201
protocol => "TCP"
codec => "json"
}
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论