Re: [mod-security-users] Reading Concurrent Logs into Graylog
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Reading Concurrent Logs into Graylog
|
From: Jason M. <jm...@te...> - 2016-10-19 20:50:11
|
For the sake of testing, I’ve given all users full access. NXLog and Graylog are running under their own service accounts. As I mentioned previously, I’m not thinking it’s a permissions issue as I can copy a line of JSON from a serial log file on another server and insert it into a new file in the concurrent logging structure and it works fine. If I copy a line of JSON generated since I enabled concurrent logging and paste it into a new file within the logging structure, that file will not read. From: Jose Pablo Valcárcel Lázaro [mailto:pab...@gm...] Sent: Wednesday, October 19, 2016 2:39 PM To: mod...@li... Subject: Re: [mod-security-users] Reading Concurrent Logs into Graylog Hi. Have you checked if directory where nxlog send files has x permission? Under what user is running nxlog and graylog? In some applications you can map users from one server to another like I think nfs service does. Kind regards El mié., 19 de octubre de 2016 21:25, Jason Mull <jm...@te...<mailto:jm...@te...>> escribió: Hello, I’m hoping someone can assist me with this issue. I’m using Graylog to take in all of my log data, including Modsecurity. I was initially using nxlog to send serial logs in JSON format to Graylog and everything worked great until I started running into performance issues running modsecurity on a server running multiple websites and was informed that concurrent logging was better for my needs. I switched to concurrent logging, and the data is not reading into Graylog now. I feel confident that I do not have a permissions issue as I do not see permission denied errors in the nxlog error logs. Furthermore, if I copy a line of JSON logs from the serial log on another server, it reads in just fine. The issue appears to me to be with how the JSON is generated in concurrent mode. Has anyone else run into any issues similar to this? Jason ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot_______________________________________________ mod-security-users mailing list mod...@li...<mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ |
