Graylog inputs do not seem to be working


(Pushkar) #1

Hi guys,

I am really new to Graylog. I have read a lot of the topics on this forum to look for an answer but couldn’t find one. I recently installed Graylog instance on Openstack for a project. I sent syslogs to this instance on port 514. Below are the screenshots of my inputs.
I am also attaching configuration of my /etc/rsyslog.conf file.

inputs file_1

I have been at it for a while and haven’t been able to find any solutions. Please let me know if there is any information that I missed.

Netstat shows that Graylog is listening on port 514.

Also, tcpdump on the interface and port 514 does not show anything! Please help.


(Jan Doberstein) #2

you have opened Port 4000 with UDP Syslog input in Graylog, but your rsyslog forward the messages to Port 514.

Change rsyslog to forward to Port 4000 and you will receive messages. In addition you should not use TCP and UDP as forward - one is enough.


(Jonathan Julius Kayumbo) #3

Hi Jan, i’m also very new to graylog… am able to receive some logs from server but i can not receive logs from other important servers,
I can see messaghe from graylog that there is TCP/UDP block, can you please help out ! Please

I have attached the message i see on my graylog logs


Udp/tcp in blocked
(Omar Abdo) #4

“DPT=1947” means it’s being blocked on that port. If it’s a message you want to receive you’ll need to allow access in ufw I believe


(Pushkar) #5

Thank you. It works great now. Such a silly mistake.


(system) #6

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.