How to import old log files to graylog as input?

Question

I am able to to setup graylog-server and graylog-web and able to setup input for generated log of apache2, tomcat and other applications with the help of graylog-collector
e.g.

apache-access {
    type = "file"
    path = "/var/log/apache2/access.log"
    outputs = "gelf-tcp,console"
  }
tomcat-debug {
    type = "file"
    path = "/home/alok/packages/apache-tomcat-7.0.59/logs/mydomain.debug.log"
    outputs = "gelf-tcp,console"
  }

How to see log from old log files in graylog? I tried to setup graylog-collector for old log file, graylog is listening to it but not showing content of log file. if someone know the way to achieve this please share

Answer 1

I am able to see my old log files (.log file) in graylog-web with help of logstash.

I just installed logstash and created a simple logstash configuration file having content

input {
  file {
    path => "/home/alok/Downloads/old_apache_access.log"
    start_position => "beginning"
  }
}

#filter {
#    add filter according to need
#}

output {
  gelf {
    host => "10.149.235.66"
 }
}

path is path for my old log file that I want to import to graylog.
start_position tell logstash from where log lines to be read.
gelf to output logs in graylog's format.
host is address of graylog server.

now I can run logstash to read log file by running command.
$/opt/logstash/bin/logstash -f /etc/logstash/conf.d/logstash-simple.conf

Now I will add input in graylog for receiving logs from logstash. for that in main menu goto System >> Inputs

Then choose GELF UDP and lauch this newly selected input and give title to this and finally click on launch button.

Now one can see newly created input and click on Show received messages to see logs