I'm at the phase of just try with Graylog2. My goal is to view the application logs via graylog2 webpage. The application is hosted on windows server, log file is ABC.log. nxlog service is configured with multiline header to force Exception messages into a single log entry. Output is standard GELF_UDP.
The problem is that I can only see the beginning of each log entry from Graylog2 webpage, which is 30-50 characters at the beginning of each log event.
So I configured a second route for nxlog to check output locally before sending to Graylog2 VM Server. It shows the differences:
local file: 10:12:25.835: public class WebClient private void ExecuteClient() Logon accepted for user: ABC Normal Event
Graylog2 webpage: 10:12:25.835: public class WebClient private void ExecuteClient(
logs send to server are missing after 30-50 characters. I'm checking for days without clues.
Thanks for your helps!
GELF has this short vs full message concept which is a bit awkward. This should solve it:
Exec $ShortMessage = $raw_event;