Get logs from inputs

(Nimol) #1

Hi community,
I’m not able to get any log from Syslog UPD port 514 but from UDP RAW port 514.
does anyone know why?


(Jochen) #2

Maybe the clients sending invalid syslog messages.

You can check if the input receives any data at all, e. g. using Wireshark or tcpdump.

(Nimol) #3

I receive data from them. actually GL also but messages can’t be processed and after a few minutes I get high disk utilization error.

(Jochen) #4

Why can’t they be processed?

(Nimol) #5

is there any way to check that why? I can’t see anything in logs!

(Jochen) #6

You could post the logs of your Graylog and Elasticsearch nodes.

