Graylog listeners only on ip6?

Hello all. It’s my first time working with Graylog here. I’ve got the appliance setup and running in my environment. However, I’m not seeing any messages coming in or out. I’ve installed the nxlog client on my windows machine, edited the conf file appropriately. Setup GELF UDP and SYSLOG UDP global inputs… still no messages. I checked my server processes and I see the port that its listening on is using udp6. Is there a way to make it listen on udp4? At least that’s what I’m leaning to as to what the issue is. I’ve also added (-Djava.net.preferIPv4Stack=true) to the DEFAULT_JAVA_OPTS variable in the graylogctl script.

All help is greatly appreciated!

…Looks like I had the client configured wrong. I’m doing this on a windows AD box to capture failed logins and such. I currently only have nxlog installed. Do you need to have sidecar installed too?

Hej @gstyle

Graylog is listening on v4 and v6 per default. You might have some issues deliver logfiles. Did you checked if you are able to reach Graylog from the source on the given port or if a firewall or router did break that route.

Sidecar is a helper tool to actually configure the Logfile shipper (like nxlog or winlogbeat).

Thanks Jan,

It looks like messages are being delivered. Even though it is listening on IP6 (according to netstat). I’m not sure how as the client has an IP only on IP4.

Do I need to have sidecar installed? I have nxlog running and it seems to work without it. Or will that really suck up bandwidth shipping logs over to my graylog server?

I think you’re misinterpreting the output of netstat.

Only if you want to manage the configuration of NXLOG via Graylog.

jochen,

Thank you greatly. That completely makes sense!

I’ll experiment with sidecar. I just happened to get it to work without it and wondered why.

Thank you all!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.