Don't receive Input syslog UDP with HAProxy

Graylog Central (peer support)
1

Hi there,

I don’t see any logs when i click to “show received messages” on the search overview.
I have installed a cluster setup -> 3 graylog servers with MongoDB, 3 Elasticsearch servers and in front
a HAProxy (http://www.haproxy.org/)
following config on HAproxy:

Provides UDP syslog reception

$ModLoad imudp
$UDPServerRun 2514

following config on graylog server are set:
/etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 2514

# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @Virtual IP from HAProxy:2514
# ### end of the forwarding rule ###

Input config on Graylog web:
Linux Syslog Syslog UDP 1 FAILED, 2 RUNNING

  • allow_override_date:
    true
  • bind_address:
    0.0.0.0
  • expand_structured_data:
    false
  • force_rdns:
    false
  • number_worker_threads:
    4
  • override_source:
  • port:
    2514
  • recv_buffer_size:
    262144
  • store_full_message:
    false

Input 5e21c7fc098c6… has failed to start on node 4a9… for this reason: »bind(…) failed: Permission denied.«. This means that you are unable to receive any messages from this input. This is mostly an indication for a misconfiguration or an error. You can click here to solve this.

Thanks for your inputs!

2

Make sure, that you don’t use same port 2514 UDP (Syslog UDP) for another Input…

3

As far as I know haproxy doesn’t support UDP.
Check it.

1 Like
4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.