I added the device in inputs; after pressing the button to show messages, nothing is displayed, but traffic is received and the message is received. What to do? I did everything according to the documentation.
As usual, it’s probably a problem with timestamps. Either your device doesn’t follow the syslog standard, like Cisco switches for example, or your device is set up with a different timezone.
- Check your /etc/graylog/server/server.conf, set the correct timezone in the parameter root_timezone (if you use the user admin), and restart Graylog (sudo systemctl restart graylog.service)
- If you use another user, check the timezone configuration for this account in the web interface
- Try to search messages on a wider scale (from yesterday to tomorrow): change the time search parameters to Absolute, and set the start time to the start of this day and the end time to the end of yesterday (because if Graylog saves messages in the future, they can’t normally be seen using relative search)
- If you find your messages and the timestamps don’t match the real time, you have a problem with bad timestamps; then you can use a pipeline rule or extractors to correct the timestamps
Hope this helps
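The failure mode from the answer above, as an added example that is not part of the thread and not Graylog code: a BSD syslog timestamp carries no year or timezone, so a receiver that reads it under the wrong offset stores the message in the future, where a relative search cannot see it. The function names, the sample line and the receiver's assumed offset are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# BSD syslog (RFC 3164) header: "<PRI>Mmm dd HH:MM:SS ..." with no year and no zone.
BSD_HEADER = re.compile(r"^<\d{1,3}>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) ")

def stored_time(line, received_at, assumed_offset=timedelta(0)):
    """UTC time a receiver would store if it reads the zone-less stamp at assumed_offset."""
    m = BSD_HEADER.match(line)
    if m is None:
        return None  # header is not BSD syslog, so there is no timestamp to read
    stamp = " ".join(m["ts"].split())  # collapse the padded day ("Mar  5")
    naive = datetime.strptime(f"{received_at.year} {stamp}", "%Y %b %d %H:%M:%S")
    return naive.replace(tzinfo=timezone(assumed_offset)).astimezone(timezone.utc)

def in_relative_search(event_time, now, window):
    """A relative search for the last <window> covers [now - window, now]."""
    return now - window <= event_time <= now

def diagnose(line, received_at, assumed_offset=timedelta(0), tolerance=timedelta(minutes=5)):
    """Classify a message by comparing its stored time with its arrival time."""
    stored = stored_time(line, received_at, assumed_offset)
    if stored is None:
        return "unparsed"
    skew = stored - received_at
    if skew > tolerance:
        return "future"   # hidden from relative searches until the clock catches up
    if skew < -tolerance:
        return "past"     # shown only if the search window reaches back far enough
    return "ok"

# Constructed sample: device clock at UTC+3 shows 15:00:00, packet arrives 12:00:05 UTC.
SAMPLE = "<134>Mar  5 15:00:00 router1 system,info constructed test message"
ARRIVED = datetime(2024, 3, 5, 12, 0, 5, tzinfo=timezone.utc)

if __name__ == "__main__":
    for offset in (timedelta(0), timedelta(hours=3)):
        ts = stored_time(SAMPLE, ARRIVED, offset)
        print(offset, ts.isoformat(), diagnose(SAMPLE, ARRIVED, offset),
              in_relative_search(ts, ARRIVED, timedelta(minutes=5)))
```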
Hello, thank you very much. I did as you said, but it still did not show. Then I changed the input method to Raw/Plaintext UDP and it showed everything)) The added device was a MikroTik.
Next time, try to mention your log source, because it’s not easy to help.
I tried MikroTik last time in a lab, and it worked for me. I don’t remember the exact steps, but I think it was a problem on the MikroTik side, and after I enabled the BSD Syslog option, set the correct Src. Address and changed the default Syslog Facility, it started working.
I will also then try to enable BSD for the test. Thank you for your help.