Do I need one UDP Syslog input per syslog device?

Hi,
New user here.
Just installed Graylog and defined a UDP syslog input: 0.0.0.0:8514
I am sending 3 device logs (asus, Comware5, Vcenter) to the input, but in the stream All messages I only see messages from vcenter.
Do I need a UDP syslog input per device, and have them on different ports (8514,15,16)?

Also, All messages defaults to “Nothing found in stream All messages in last 5 minutes”. Only if I filter by “search in all messages” do I see the messages. How do I fix that?

best gnommon

You can have only one stream for all devices. Check other devices if they are sending anything out.

As for the All messages stream, perhaps there are no messages at all in the last 5 minutes.

It is up to you if you like to have one input per device (type) or one input for all devices using the same sending mechanism (syslog udp).

Each way of doing it has its benefits. One input per device makes it easy to find configuration gaps, and it makes it easy to fix the incoming messages, if some kind of normalization is needed, because it is easy to identify them.

Having only one input will make it easier to open the routes into Graylog - having only a single port open in the network …

You first need to identify if all your devices are really sending data into Graylog - can reach Graylog and the port on a network level. If that happens, search in “all messages” and also with a specific time one year in the past and the future. The timestamp of the messages might be corrupt/not right.

Also the Graylog server.log might give you some information if Graylog has received the messages but can’t work with them.
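The checks suggested above (is every device actually reaching the input, and do its message timestamps fall inside the search window) can be done offline on captured datagrams. The following is an added example, not part of the original posts or of Graylog; the sample lines and source addresses are constructed, and it assumes a zone-less RFC 3164 timestamp is read as UTC in the receipt year.

```python
import re
from datetime import datetime, timedelta, timezone

# RFC 5424 carries an ISO timestamp; RFC 3164 carries "Mmm dd hh:mm:ss" with no year or zone.
RFC5424 = re.compile(r"^<\d{1,3}>1 (\S+) ")
RFC3164 = re.compile(r"^<\d{1,3}>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) ")

def message_time(raw, received):
    """Return the timestamp carried in a syslog line as aware UTC, or None if unparseable."""
    try:
        if m := RFC5424.match(raw):
            iso = m.group(1).replace("Z", "+00:00")
            return datetime.fromisoformat(iso).astimezone(timezone.utc)
        if m := RFC3164.match(raw):
            # Assumption: missing year = receipt year, missing zone = UTC.
            ts = datetime.strptime(f"{received.year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            return ts.replace(tzinfo=timezone.utc)
    except ValueError:
        pass
    return None

def triage(datagrams, received, window=timedelta(minutes=5)):
    """Per source IP: datagram count, worst clock skew, and hits inside the relative window."""
    report = {}
    for source, raw in datagrams:
        entry = report.setdefault(source, {"count": 0, "in_window": 0, "worst_skew": timedelta(0)})
        entry["count"] += 1
        ts = message_time(raw, received)
        if ts is None:
            continue  # unparseable timestamp: look in server.log for this source
        if abs(ts - received) > abs(entry["worst_skew"]):
            entry["worst_skew"] = ts - received
        if timedelta(0) <= received - ts <= window:
            entry["in_window"] += 1
    return report

# Constructed sample: (source IP, raw datagram) pairs as a capture on the input port would show them.
RECEIVED = datetime(2024, 5, 1, 12, 0, 30, tzinfo=timezone.utc)
SAMPLE = [
    ("192.0.2.10", "<14>1 2024-05-01T12:00:05Z vcenter vpxd 1234 - - event logged"),
    ("192.0.2.20", "<13>May  1 14:00:10 asus kernel: link up"),        # local time, no zone
    ("192.0.2.30", "<189>Jan  1 00:03:12 switch IFNET: port state changed"),  # clock never set
]

if __name__ == "__main__":
    for source, entry in triage(SAMPLE, RECEIVED).items():
        print(source, entry["count"], entry["in_window"], entry["worst_skew"])
```

A source with a non-zero count but zero hits in the window is arriving but will not show up in a "last 5 minutes" search; a source missing from the report is not reaching the port at all.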
