Hey there,
I am a newbie in Graylog and I set it up for the first time on a clean Ubuntu 16.04. I can reach the web UI and I am able to pull input on the API. Now I am trying to send syslogs from my Sophos UTM 9. I found some extractors on the Marketplace which I am going to use. Now I created a new RAW/Plaintext UDP on port 5555. I set up the UTM to send the logs to the Graylog. This is the outcome from the Sophos:
2018:10:04-16:32:17 utm syslog-ng[5403]: Syslog connection failed; fd='68', server='AF_INET(172.16.1.54:5555)', error='Connection refused (111)', time_reopen='60'
I tried to curl a telnet connection to the port directly on the server but I only got a Connection refused message.
connect to 172.16.1.54 port 5555 failed: Connection refused
The firewall is disabled.
netstat -lun
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:33911 0.0.0.0:*
udp6 0 0 :::5414 :::*
udp6 0 0 172.16.1.54:5555 :::*
udp6 0 0 172.16.1.54:12201 :::*
udp6 0 0 172.16.1.54:8514 :::*
I tried to reboot the server several times.
Does anyone know this issue?