Don't receive Input syslog UDP with HAProxy

Hi there,

I don’t see any logs when i click to “show received messages” on the search overview.
I have installed a cluster setup -> 3 graylog servers with MongoDB, 3 Elasticsearch servers and in front
a HAProxy (http://www.haproxy.org/)
following config on HAproxy:

Provides UDP syslog reception

$ModLoad imudp
$UDPServerRun 2514

following config on graylog server are set:
/etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 2514

# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @Virtual IP from HAProxy:2514
# ### end of the forwarding rule ###

Input config on Graylog web:
Linux Syslog Syslog UDP 1 FAILED, 2 RUNNING

  • allow_override_date:
    true
  • bind_address:
    0.0.0.0
  • expand_structured_data:
    false
  • force_rdns:
    false
  • number_worker_threads:
    4
  • override_source:
  • port:
    2514
  • recv_buffer_size:
    262144
  • store_full_message:
    false

Input 5e21c7fc098c6… has failed to start on node 4a9… for this reason: »bind(…) failed: Permission denied.«. This means that you are unable to receive any messages from this input. This is mostly an indication for a misconfiguration or an error. You can click here to solve this.

Thanks for your inputs!

Make sure, that you don’t use same port 2514 UDP (Syslog UDP) for another Input…

As far as I know haproxy doesn’t support UDP.
Check it.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.