GELF UDP input not listening input from other server

Hello,
I am using Graylog 3.0.2 (OVA version). I configured one input with the GELF UDP type. When I send a UDP command from the same server, Graylog receives the data and I am able to see it on the page. When I send the same command from another machine on the same network, the data is NOT received by the Graylog server. Should I change anything at the server level to make it work?
Port: 12201

Also, let me know how to enable root access to this OVA instance.

Regards,
Jeen

If I understand - sending a log from the Graylog server itself shows up, but from an external server it does not. I’m completely guessing here, as your post actually states you are seeing the message in both cases.

My first guesses in no order - without anywhere near enough information to really troubleshoot:

  1. Timestamp. If all network connectivity is there - check your logs in the future to make sure they aren’t there. If they are, adjust timestamp on sending device or massage the timestamp field to add/remove a timezone.
  2. Firewall / Network Connectivity: Easy test for this - stop the input on the Graylog web UI, ssh into the Graylog server, and type nc -lv 4500 if it’s a TCP format or nc -lvu 4500 if it’s a UDP format - obviously switching to the port you’re using on the input. If you see data - the rest is simply parsing.
  3. Wrong input type. Again, I have no idea on your environment here.

Sorry, there was a typo. In the second scenario, sending data from the other server, it is NOT displaying the data.

The command nc -lvu 4500 is listening when I am sending the command from the same server, and not listening when I am sending the command from the other server.
Which means the issues should be because of firewall settings?

Firewall or network connectivity, yes.
nc -lvu 4500 is also a UDP listener. So ensure your logs are being shipped UDP and not TCP. Take out the u to test that. nc -lv 4500 <-- that's a TCP listener.
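
An added example (not part of the original thread and not Graylog's own code) that covers the timestamp and connectivity checks suggested above: it builds a GELF 1.1 datagram with an explicit timestamp, sends it over UDP, and provides a listener that plays the role of nc -lvu, reporting the source address and the clock skew of what arrives. All function names and the host name "sender-01" are hypothetical; port 12201 is the one from the question.

```python
import json
import socket
import time
import zlib


def build_gelf(short_message, host, timestamp=None, compress=False):
    """Build one unchunked GELF 1.1 datagram (optionally zlib-compressed)."""
    body = json.dumps({
        "version": "1.1",
        "host": host,
        "short_message": short_message,
        # Epoch seconds (UTC). A skewed clock here makes the message land
        # outside the time range you are searching.
        "timestamp": time.time() if timestamp is None else timestamp,
        "level": 6,
    }).encode("utf-8")
    return zlib.compress(body) if compress else body


def send_gelf(payload, server, port=12201):
    """Send the datagram over UDP; returns the number of bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (server, port))


def open_listener(bind_addr="0.0.0.0", port=12201):
    """Bind a UDP socket, like `nc -lvu <port>` (stop the Graylog input first)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((bind_addr, port))
    return s


def receive_one(sock, timeout=30.0):
    """Wait for one datagram; return a report dict, or None if nothing arrived."""
    sock.settimeout(timeout)
    try:
        data, (src_ip, _src_port) = sock.recvfrom(65535)
    except socket.timeout:
        return None  # nothing reached this host: firewall or routing
    if data[:1] == b"\x78" or data[:2] == b"\x1f\x8b":  # zlib or gzip header
        data = zlib.decompress(data, 47)  # wbits=47 auto-detects both
    msg = json.loads(data)
    return {
        "from": src_ip,
        "short_message": msg["short_message"],
        "skew_seconds": time.time() - float(msg["timestamp"]),
    }
```

Run receive_one(open_listener()) on the Graylog server and send_gelf(build_gelf("test", "sender-01"), "<graylog-ip>") on the other machine; a None result means the datagram never reached the host, while a large skew_seconds points at the timestamp rather than the network.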
