Graylog and Sophos logs


#1

Hi.
I have problem with Graylog and Sophos UTM logs.
My Graylog version: v2.0.3
Sophos: UTM 9.
I configure syslog on Sophos and Graylog receive logs from Sophos.
When I click show received messages, I do’t see any messages.
I only see: “Nothing found”
I try to import extractor “Graylog Sophos UTM 9 Extractors”, but doesn’t work.
What can I do to resolve this problem?
Thanks in advance for any help.


(Francois) #2

I ran into a similar situation with a different source of logs. Turned out that I was expecting TCP data when it actually came over UDP. I figured it out by doing a packet capture on the Graylog server listening for any traffic that originated from the IP that was sending logs.

Best of luck!


(system) #3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.