I collect the logs of a Cisco switch with Graylog, to have the switch logs, I made a script "Prerouting - iptables - graylog- 514-1514 " (Redirect Graylog traffic) …in graylog I put “input” under port 514, it didn’t work, the switch sends the logs on port 514, so it requires a redirect…now i can have switch logs but why graylog does not accept logs under port 514 in the case of switch cisco. Please I want to know exactly why ??
Graylog is bind to privileged ports (anything <1024) but about switch cisco i have no exact information is what the switch sends his logs by default through port 514 ?