25

I need to send a message to graylog2 server via echo to test if the %{@type} for facility is corrent, but once I do the echo thats in GELF support does not arrive in to my graylog2 server. If it restart graylog2 then the messages about it starting arrive to the graylog2 server.

Example of the echo message:

echo '{"version": "1.1","host":"example.org","short_message":"A short message that helps you identify what is going on","full_message":"Backtrace here\n\nmore stuff","level":1,"_user_id":9001,"_some_info":"foo","_some_env_var":"bar"}' | nc -w 1 my.graylog.server 12201

What am I doing wrong? The graylog --debug mode does not show anything. It does not even see the message come in.

Edit:

Graylog2 input is setup for GELF TCP and shows active connections and it raises when I try to echo, but nothing reaches the server as for the message goes.

Improve this question
1
  • 1
    This command works for me. The only difference is I use UDP port on graylog. Therefore I add -u parameter to nc. Commented Jul 10, 2014 at 15:48

2 Answers 2

Reset to default
39

It seems that GELF TCP input needs a null character at the end of each Gelf message.

So you should send:

echo -e '{"version": "1.1","host":"example.org","short_message":"Short message","full_message":"Backtrace here\n\nmore stuff","level":1,"_user_id":9001,"_some_info":"foo","_some_env_var":"bar"}\0' | nc -w 1 my.graylog.server 12201

This answer was found in a discussion on Graylog's issues.

Improve this answer
1
  • 15
    Add -uparameter to nc to use UDP Commented Nov 17, 2015 at 16:01
13

As I was trying to verify that a Logstash instance was correctly listening for GELF inputs, I've found this thread.

Here is a command that will work for Logstash + Gelf over UDP :

echo '{"version": "1.1","host":"example.org","short_message":"A short message that helps you identify what is going on","full_message":"Backtrace here\n\nmore stuff","level":1,"_user_id":9001,"_some_info":"foo","_some_env_var":"bar"}' | gzip | nc -u -w 1 127.0.0.1 12201

Notice that :

  • a simple echo is enough, no need for -e
  • the message is gziped, otherwise you'll get this error : Could not find parser for header: [123, 34] in Logstash logs
  • netcat is sending over UDP
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.