Recently, I received a request from management to provide raw system logs to one of our clients for their internal auditing purposes. They need the logs on an ongoing basis, and they have no logging infrastructure on their end that could receive parsed Graylog events. Effectively, they were looking for "big text files" of logs.
For security reasons (as well as network configuration constraints), giving them access to our Graylog instance was a non-starter. So my journey to get logs out of Graylog began in earnest. I attempted several methods and ended up writing my own GELF listener for events. But let's see why.