Empty messages on TCP syslog input

Quick question. Pretty sure I know what is going on but just double checking. Have a 3rd party sending logs to Graylog via syslog TCP input. We have many inputs but theirs is the only one showing HUGE amounts of “Empty messages discarded”. They claim they are doing no such thing; however, my gut feeling is that they indeed are sending empty messages, as this is the only time I’ve ever even seen this number above 0. Could this be an issue on the Graylog side or is the likely culprit actually them sending empty messages?

Hard to say without any data.

Maybe try recording some of the network traffic to the Syslog TCP input with Wireshark or tcpdump.

Sure thing. I’ll do exactly that. Post my findings. Thanks Jochen.
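
One way to check such a capture for empty frames, as an added example that is not part of the original thread. It assumes the TCP stream payload has been exported as raw bytes from the Wireshark or tcpdump capture and that the sender uses newline-delimited framing; the function names and the sample bytes are constructed for illustration.

```python
from collections import Counter

def split_frames(payload: bytes, delimiter: bytes = b"\n"):
    """Split a reassembled TCP payload into (offset, frame) pairs.

    A trailing delimiter terminates the last frame; it does not open a new one.
    """
    frames, offset = [], 0
    for part in payload.split(delimiter):
        frames.append((offset, part))
        offset += len(part) + len(delimiter)
    if frames and frames[-1][1] == b"":
        frames.pop()
    return frames

def classify(frame: bytes) -> str:
    """Label a frame: real message, zero-length, or only CR/space/NUL padding."""
    if frame == b"":
        return "empty"
    if frame.strip(b" \t\r\x00") == b"":
        return "whitespace_only"
    return "message"

def summarize(payload: bytes, delimiter: bytes = b"\n") -> dict:
    """Count frames per class for one sender's stream."""
    counts = Counter(classify(f) for _, f in split_frames(payload, delimiter))
    return {k: counts.get(k, 0) for k in ("message", "empty", "whitespace_only")}

def suspicious_offsets(payload: bytes, delimiter: bytes = b"\n") -> list:
    """Byte offsets of frames carrying no message, to look up in the capture."""
    return [off for off, f in split_frames(payload, delimiter)
            if classify(f) != "message"]

# Constructed sample: a doubled newline, a bare CRLF line, and a doubled
# newline at the end of the stream, mixed with three real messages.
SAMPLE = (b"<134>Oct 11 22:14:15 host1 app: login ok\n"
          b"\n"
          b"<134>Oct 11 22:14:16 host1 app: logout\r\n"
          b"\r\n"
          b"<134>Oct 11 22:14:17 host1 app: heartbeat\n\n")

if __name__ == "__main__":
    print(summarize(SAMPLE))
    print(suspicious_offsets(SAMPLE))
```

A non-zero `empty` or `whitespace_only` count in the sender's own stream shows the blank frames are arriving on the wire rather than being produced on the receiving side.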
