Graylog inputs not working

My Graylog server is up and now in configuration stage. I have created several Syslog inputs but unable to start them. When I clicked start input, a message pop up saying “Input BB SW 1 could not be started”. The messages in log show:

Input [Syslog UDP/59c1e66651ed270cca671c18] is now STARTED
Input [Syslog UDP/59c1e66651ed270cca671c18] is now STOPPING
Input [Syslog UDP/59c1e66651ed270cca671c18] is now STOPPED
Input [Syslog UDP/59c1e66651ed270cca671c18] is now TERMINATED

What’s the configuration of the Syslog UDP input?
What’s in the logs of your Graylog node?

There are some progresses after my last post.
I disabled rest_transport_uri in Graylog configuration file, then input is working for binding address of and
But failed with others. Could you let me know what suppose to be binding address? I thought it should be equipment like switches, routers, firewalls.

please look at the FAQ

I have changed the port number beyong 1024 but still failed.

Hey @seansem,

you already use port 8514 on BB SW2, with uses as bind address and therefore listens on all IPs your server has. So trying to start BB SW1 will fail since port 8514 is already bound on that IP. Use another port or change the bind address of BB SW2. :slight_smile:

Greetings - Phil

After changed still failed.


does your server actually have the IPs and
This seems kind of odd.

To check: use ifconfig on the CLI of your server and check if the server has these IPs. If not, this would be the error then.

Greeting - Phil

@derPhlipsi, and 103 are my switches IP addresses.
So, the bind address should be the equipment (switches, routers, servers) or Graylog server itself?

It should be your graylog IP or which would listen on all graylog interfaces.

1 Like

You don’t need to create an individual Syslog UDP input for each client.
Creating one Syslog UDP input to which all clients can send their messages works fine.

1 Like

Thank you for your reply. I managed to get it work now.
However, the issue again after I enabled HTTPS. I went through those steps mentioned in but I got no idea how to proceed with step below:
In order for the JVM to pick up the new trust store, it has to be started with the JVM parameter If you’ve been using another password to encrypt the JVM trust store than the default changeit, you additionally have to set the JVM parameter

The documentation says in the following paragraph:

Most start and init scripts for Graylog provide a JAVA_OPTS variable which can be used to pass the and (optionally) system properties.

Also see

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.