Adding Graylog to rSyslog Server

Grizz · January 26, 2018, 6:57pm

We’ve had this syslog server running forever but now want to implement a better way to analyze the logs. I’ve got Graylog up and running. Whats the quickest way to get it picking up all the data incoming to rsyslog? I figured if i create an Input on port 1514, then use iptables to redirect 514 to 1514 it should automatically start getting all incoming logs.

sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 514 -j REDIRECT --to-port 1514

So far nothing is showing up, is there anything i’m missing or not thinking of? The input i have is:

allow_override_date: true
bind_address: 0.0.0.0
expand_structured_data: false
force_rdns: false
max_message_size: 2097152
override_source:
port: 1514
recv_buffer_size: 1048576
store_full_message: false
tcp_keepalive: false
tls_cert_file:
tls_client_auth: disabled
tls_client_auth_cert_file:
tls_enable: false
tls_key_file:
tls_key_password: ********
use_null_delimiter: false

Shane · January 26, 2018, 7:27pm

Can you perform a tcpdump and verify that the server is receiving data?

Grizz · January 26, 2018, 7:33pm

This is my mistake, firewall port wasn’t open and had Graylog set to TCP. Everythings working now!

system · February 9, 2018, 7:33pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog inputs do not seem to be working Graylog Central (peer support)	5	2920	September 7, 2018
[solved] How i get rsyslog messages in graylog? misunderstanding Graylog Central (peer support)	5	9024	February 1, 2019
Syslog 514? [Ubuntu Trusty - VM install] Graylog Central (peer support)	8	6887	August 22, 2018
Troubleshoot why logs are not coming in Graylog Central (peer support)	3	3890	August 14, 2017
Graylog 5.0.8 not recieving rsyslog messages Graylog Central (peer support)	4	326	July 14, 2023

Adding Graylog to rSyslog Server

Related topics