hi everyone,
What would be the correct configuration for the rsyslog on the server and on the client?
Server -> debian 10.5 ( Graylog Server ).
client -> debian 9.13 ( Client ).
Note :
I have tried to configure the configuration so that graylog maintains communication with the client but I have not succeeded. The ports are open.
Thanks for your help,
hi
In the /etc/rsyslog.conf file, the following lines starting with the “#” sign are removed
…
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")
*.* @@lab-graylog-server:51423
sudo systemctl start rsyslog
sudo systemctl enable rsyslog
sudo systemctl status rsyslog
NEXT ==>Create input syslog udp in graylog server
(post withdrawn by author, will be automatically deleted in 24 hours unless flagged)
from The client side add file config /etc/rsyslog.conf
The server only receives logs and network traffic.
(post withdrawn by author, will be automatically deleted in 24 hours unless flagged)
Hi
Unfortunately, you do not pay attention to the help texts at all
Use the formatting tools to make your code look a bit nicer for those trying to help you out…:
A quick google search on:
Makes it look like a syslog.conf (and other conf files) issue - here
Also this:
*.* @@Graylog.server:1510
*.* @@Graylog.server::1519
Looks a little different than suggested… at least by one colon.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.