Connection refused on any Port except 9000, 9200, 9300

Hey there,

I am a newbie in Graylog and I set it up for the first time on a clean Ubuntu 16.04. I can reach the WebUI and I am able to pull input on the API. Now I am trying to send syslogs from my Sophos UTM 9. I found some extractors on the Marketplace which I am going to use. Now I created a new RAW/Plaintext UDP on port 5555. I set up the UTM to send the logs to the Graylog. This is the outcome from the Sophos:

2018:10:04-16:32:17 utm syslog-ng[5403]: Syslog connection failed; fd='68', server='AF_INET(172.16.1.54:5555)', error='Connection refused (111)', time_reopen='60'

I tried to curl a telnet connection to the port directly on the server but I only got a "Connection refused" message.

connect to 172.16.1.54 port 5555 failed: Connection refused

The firewall is disabled.

netstat -lun

Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:33911 0.0.0.0:*
udp6 0 0 :::5414 :::*
udp6 0 0 172.16.1.54:5555 :::*
udp6 0 0 172.16.1.54:12201 :::*
udp6 0 0 172.16.1.54:8514 :::*

I tried to reboot the server several times.

Does anyone know this issue?

Did you check if you have some kind of firewall active on the Graylog?

Do you mean the Graylog itself or the server? On the server the firewall is disabled. If you meant the Graylog, I need to know where I have to look for it.

Hi,

Are you sure you are using UDP on the rsyslog side? UDP is connectionless, so there should be no attempt to make a connection if you use UDP.

Personally, I like TCP, so I would set up the input in TCP (and use rsyslog type input), and configure rsyslog to send in TCP.
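
The protocol mismatch the reply above points at, as an added example that is not part of the original thread: a UDP-only listener, like the inputs in the `netstat -lun` output, receives datagrams while a TCP connect to the same port number is refused. The loopback address, the OS-chosen port and the sample message are constructed for the demo.

```python
import socket

def tcp_probe(host, port, timeout=1.0):
    """Try a TCP handshake, the way curl or telnet would."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # kernel answered with RST: no TCP listener on this port
    except socket.timeout:
        return "timeout"   # no answer at all, typical of a packet filter dropping traffic

def udp_send(host, port, payload):
    """Send one datagram; no handshake takes place."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (host, port))

def demo():
    # Constructed stand-in for a Raw/Plaintext UDP input: a UDP listener only.
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))   # port 0 lets the OS pick a free port
    listener.settimeout(2.0)
    host, port = listener.getsockname()
    try:
        # Same port number, but TCP: nothing is listening there.
        tcp_result = tcp_probe(host, port)
        # Constructed sample syslog line, sent over UDP.
        msg = b"<134>utm test: constructed sample message"
        udp_send(host, port, msg)
        received, _ = listener.recvfrom(4096)
    finally:
        listener.close()
    return tcp_result, received

if __name__ == "__main__":
    tcp_result, received = demo()
    print("TCP connect:", tcp_result)
    print("UDP datagram received:", received.decode())
```

On the Graylog host, `netstat -lun` lists UDP sockets only; TCP listeners appear with `netstat -ltn`.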
