I am trying to send logs from my linux machine to my graylog server. But for some reason I do not receive any logs for some reason in my server. I made sure both the server and the host have firewall disabled.
Hello there,
Please check your IP address, it seems to be incorrect - I see 4th octet with 4 digits.
1 Like
Thanks for the help and I am sorry for that silly mistake. But I changed it and still nothing shows up. Basically I have a graylog server that is a virtual box OVA. And basically I am trying to send logs from my linux machine that is on the same local network to my OVA graylog server. And I replied on the post more than once since I can’t post more than 1 image in each reply.
And I was trying to use port 1514 for security purposes, but then switched it back to 514 to make sure it works first before I start changing things.
using port 1514 is better (easier to get working) than using 514 for a Graylog input.
I changed the port number in the system inputs but when I look up in the server through terminal it shows 514
/etc/services is for system services and is not dynamically updated. 514 is for rsyslogd daemon, not for Graylog.
@jtkarvo, I have tried both ports. But not seeing anything on the server
Hi,
it seems to me it’s a network problem, try this first
send logs from your client to rsyslog server on the graylog machine,
if that worked, can you post the input config of your udp syslog?
another thing, you dont need all that parsing bullshit after the port (Rsyslog_syslog…) you are using rsyslog in the both ends
cheers
anas
Note that ifconfig tells you that the IP address is 192.168.0.20 but you used 192.168.0.220 in your config
If fixing that does not fix the problem, then
First, check that Graylog input works OK. You can do that with something like
echo "Test" | ncat -u 192.168.0.20 1514
(ncat can be installed with package manager)
If it works, try looking at rsyslog status
sudo systemctl status rsyslog
journalctl -x _SYSTEMD_UNIT=rsyslog192.168.0.20 is the ip address of the machine I am trying to send the log from 192.168.0.220 is the ip address of the server.
“Test” is not a valid syslog message. 
True. I also noticed that - after posting, though. I have no energy to craft a valid message for OP, now.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.