I setup all my cisco product logs to graylog with tcp connection. Firewall logs only is viewable in graylog.
Switches and Routers log traffics could not see in the system/input even the active connection shows there.
If I set a default syslog port (udp 514) and direct to rsyslog-Linux then it works but when used custom ports in graylog, it doesn’t work properly.
If I telnet to a custom tcp port, I can see the message in graylog that input while the telnet session is active.
Anyone knows what is issue that I’m facing?