Can not import content pack to graylog server

Dear Support,
I need to send log from huawei device (Switch, Router and Firewall) to graylog server.
When I download Graylog content pack (huawei_infocenter.json) from graylog marketplace and upload to graylog server, it display error message as below :
Error importing content pack, please ensure it is a valid JSON file. Check your Graylog logs for more information.
Could you let me know how to fix it?

  • Graylog version: 5.2.1
    Thanks you

There is no such version. There is 2.4, 2.5, 2.5.1, and 3.0. You’re probably looking at your Elasticsearch version…

1 Like

I want to use it. please share your download link.

Oh, Sorry I’m confused
Graylog Server version is 2.5.1.
Could you let me know how to use graylog with Huawei device?

As you did not share the Contentpack you have choosen - I guess that it is simple not compatible with the Graylog version.

Just ingest the syslog to syslog input and work your way extracting the needed information.

Below is the link content pack that I try to use,but still error
As you mentioned above, you mean we have no way to send Huawei device syslog with graylog server?
If it can use please help to guide me also.

actually that search return two … but both should work with Graylog in the Version you have.

I can’t guide you - as I do not have such a device and can’t write a howto so something I have never touched. But find in the manual how you enable Syslog and send it to a remote server.

In Graylog create a Syslog input and use that as target for your Huawai.

Dear Support,
In graylog, I create a syslog input ( try with tcp and udp ) many times but it always fail, and I also try to import huawei_infocenter.json, it displays " Error importing content pack, please ensure it is a valid JSON file. Check your Graylog logs for more information."
Please help to provide samples configuration or step to fix this error.

you are missing information - how should I know what you have tried when you do not share your configuration and the errors you run into?

I guess you tried to create syslog on port 514 and that does not run - the reason for that, is that 514 is a priviledge port in linux and you need to choose something above 1024 (use your search enginge to find the reason behind that).

As you did not share what content pack you try to import - get in contact with the creator of that and ask for help. Use the github repositories issues for example.

Last but not least - this is not a support channel, this is the community board of Graylog. If you want to have payed support please contact sales:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.