Added to the device in inputs

I added the device in inputs. After pressing the button to show the messages, nothing is displayed, but traffic is received and the message is received. What to do? I did everything according to the documentation.

As usual, it's probably a problem with timestamps. Either your device doesn't follow the syslog standard, like Cisco switches for example, or your device is set up with a different timezone.

  1. Check your /etc/graylog/server/server.conf and set the correct timezone in the parameter root_timezone (if you use the admin user), then restart Graylog (sudo systemctl restart graylog.service)
  2. If you use another user, check the timezone configuration for this account in the web interface
  3. Try searching for messages over a wider range (from yesterday to tomorrow): change the time search parameters to Absolute, and set the start time to the start of this day and the end time to the end of yesterday (because if Graylog saves messages in the future, they can't normally be seen with a relative search)
  4. If you find your messages and the timestamps don't match the real time, you have a problem with bad timestamps; you can then use a pipeline rule or extractors to correct the timestamps

Hope this helps

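An added example, not part of the original replies and not Graylog's own parsing code: it shows why a BSD syslog (RFC 3164) timestamp, which carries no year and no timezone, can end up stored in the future and so fall outside a relative search. The function names, the sample lines and the 5-minute window are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# RFC 3164 (BSD syslog) header: "<PRI>Mmm dd hh:mm:ss HOST MSG" (no year, no zone).
RFC3164 = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2}) {1,2}(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) (\S+) (.*)$")
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Constructed sample data (not taken from the thread).
SAMPLE = "<134>Mar  5 15:00:10 router1 interface ether1 link up"
NO_HEADER = "<134>system,info interface ether1 link up"
RECEIVED_AT = datetime(2024, 3, 5, 12, 0, 12, tzinfo=timezone.utc)


def parse_rfc3164(line, received_at, assumed_tz):
    """Return (event_time_utc, host, msg), or None if there is no RFC 3164 header.

    The receiver has to guess what the header omits: the year is taken from
    received_at (year rollover is not handled) and the zone from assumed_tz.
    """
    m = RFC3164.match(line)
    if not m or m.group(2) not in MONTHS:
        return None
    _pri, mon, day, hh, mm, ss, host, msg = m.groups()
    year = received_at.astimezone(assumed_tz).year
    try:
        local = datetime(year, MONTHS[mon], int(day), int(hh), int(mm), int(ss),
                         tzinfo=assumed_tz)
    except ValueError:  # e.g. "Feb 31" or hour 25
        return None
    return local.astimezone(timezone.utc), host, msg


def diagnose(line, received_at, assumed_tz, window=timedelta(minutes=5)):
    """Classify a message the way a relative search [now - window, now] sees it."""
    parsed = parse_rfc3164(line, received_at, assumed_tz)
    if parsed is None:
        return "unparsed"   # no usable timestamp in the message itself
    event_utc = parsed[0]
    if received_at - window <= event_utc <= received_at:
        return "visible"
    return "future" if event_utc > received_at else "past"


if __name__ == "__main__":
    for tz in (timezone.utc, timezone(timedelta(hours=3))):
        print(tz, diagnose(SAMPLE, RECEIVED_AT, tz))
    print("no header:", diagnose(NO_HEADER, RECEIVED_AT, timezone.utc))
```

The same line is "future" when the receiver assumes UTC and "visible" when it assumes UTC+3, which is the mismatch an absolute-range search exposes.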

Hello, thank you very much. I did as you said, but it still did not show. Then I changed the input method to raw / plaintext UDP and it showed everything)) The added device was a MikroTik.

Next time, try to mention your log source, because it's not easy to help.
I tried MikroTik last time in a lab, and it worked for me. I don't remember the exact steps, but I think the problem was on the MikroTik side, and after I enabled the BSD Syslog option, set up the correct Src. Address and changed the default Syslog Facility, it started working.

I will also then try to enable BSD for the test. Thank you for your help.
