First some context: I’m trying to send logs from a Cisco 3504 WLC to Graylog. Before this I tried to do it with a syslog-ng server and everything was working, I did receive logs, but since I tried to remove the intermediate (syslog-ng server), Graylog no longer receives any logs.
Actual config: Graylog OVA 4.0.1 for VMware.
Now what I tried: - use iptables to redirect port 514 to 1514 (can’t redirect w/ firewall)
As a new person to Graylog, I used other tools and equipment to test. For example, with my Cisco equipment I started sending it to a VERY simple Windows Syslog program. Once I knew that was working, I changed Cisco to Graylog. At least I knew one side was working. Thank you, Zach.
If I understand correctly, you mean that the problem can come from anywhere, but I already know that my Cisco equipment is working, because with a syslog-ng server my Graylog server received logs and displayed them, so the problem can only come from Graylog.
I went back to the setup with syslog-ng and I think I can see where the problem is. Actually, I live in France, so my right timestamp is CET (+01:00), but when I leave the “root_timestamp” as default (UTC +00:00) the website displays the right time but there is 1h less in the log message for no reason.