1. Describe your incident:
Receive logs from QNAP
2. Describe your environment:
OS Information:
Ubuntu 22
Package Version:
5.0.3
Service logs, configurations, and environment variables:
3. What steps have you already taken to try and solve the problem?
I set the Graylog server IP and port (1514) on the QNAP interface to forward messages as RFC-3164, but it seems nothing arrives or shows in Graylog.
The same Graylog server receives data from, for example, Cisco switches.
It could be a time discrepancy between the QNAP and your Graylog server: the logs arrive with a timestamp in the future, and so there is a delay in being able to view them. If this is the problem, the issue can be fixed within pipelines/rules.
To piggyback on this, I am not familiar with QNAP, but I know from experience that certain versions of Fortinet OS provide all sorts of headaches with timestamps and format for their allegedly RFC5424-compliant syslogs. So for the first couple of hours I wouldn’t receive any logs (I think it was 5 hours), and then I started receiving logs but with a 5-hour offset. I have a pipeline rule that “fixed” that but no longer use it because Fortinet got their act together (until the next “upgrade”).
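
An added example, not part of any post in this thread: a Python check that measures the timestamp skew discussed above on a raw RFC 3164 line. The header carries no year and no UTC offset, so the receiver has to assume both. The function names, the sample line and the UTC+5 sender offset are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOST MSG (no year, no UTC offset).
HEADER = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2}) ([ \d]\d) (\d\d):(\d\d):(\d\d) (\S+) (.*)$")

def parse_rfc3164(line, received_at, assumed_offset_hours=0):
    """Return (host, event_time_utc) under the receiver's assumed sender zone."""
    m = HEADER.match(line)
    if m is None or m.group(2) not in MONTHS:
        raise ValueError("not an RFC 3164 header")
    month = MONTHS.index(m.group(2)) + 1
    day, hh, mm, ss = (int(m.group(i)) for i in (3, 4, 5, 6))
    tz = timezone(timedelta(hours=assumed_offset_hours))
    candidates = []
    # The year is missing: try neighbouring years, keep the one closest
    # to the receive time so a Dec 31 event read on Jan 1 stays in the past.
    for year in (received_at.year - 1, received_at.year, received_at.year + 1):
        try:
            candidates.append(datetime(year, month, day, hh, mm, ss, tzinfo=tz))
        except ValueError:  # e.g. Feb 29 outside a leap year
            continue
    if not candidates:
        raise ValueError("invalid date or time in header")
    event = min(candidates, key=lambda c: abs(c - received_at))
    return m.group(7), event.astimezone(timezone.utc)

def skew(line, received_at, assumed_offset_hours=0):
    """Event time minus receive time; positive means 'in the future'."""
    return parse_rfc3164(line, received_at, assumed_offset_hours)[1] - received_at

def classify(line, received_at, assumed_offset_hours=0,
             tolerance=timedelta(minutes=5)):
    delta = skew(line, received_at, assumed_offset_hours)
    if delta > tolerance:
        return "future"
    if delta < -tolerance:
        return "past"
    return "ok"

# Constructed sample: a sender stamping local time (UTC+5), received at 09:00:06 UTC.
SAMPLE = "<134>Mar  3 14:00:05 nas01 qlogd[1234]: constructed sample event"
RECEIVED = datetime(2024, 3, 3, 9, 0, 6, tzinfo=timezone.utc)

if __name__ == "__main__":
    for offset in (0, 5):  # receiver assumes UTC, then the sender's real zone
        print(offset, skew(SAMPLE, RECEIVED, offset), classify(SAMPLE, RECEIVED, offset))
```

Capturing one raw line on the Graylog host and running it through this with the receive time shows whether the messages are arriving but being indexed hours ahead of the search window.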