Graylog not reading/picking up Logs

Frank2000 · August 9, 2018, 7:05am

Hi,

I’m currently attempting to get Graylog working and see what I can get out of it in terms of logs. However I’m experiencing some issues with logs not being read and/or parsed by Graylog. I know that data is definitely being sent to my Graylog server on port 5414:

$# tcpdump -i eth0 port 5414 -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
08:47:53.857663 IP 172.10.1.10.50062 > 172.12.0.25.5414: UDP, length 589
08:47:53.858942 IP 172.10.1.10.50062 > 172.12.0.25.5414: UDP, length 855
08:47:53.859766 IP 172.10.1.10.50062 > 172.12.0.25.5414: UDP, length 662
08:47:53.860994 IP 172.10.1.10.50062 > 172.12.0.25.5414: UDP, length 679
08:47:53.862091 IP 172.10.1.10.50062 > 172.12.0.25.5414: UDP, length 1388
08:47:53.863893 IP 172.10.1.10.50062 > 172.12.0.25.5414: UDP, length 1389
08:47:55.884001 IP 172.10.1.10.50062 > 172.12.0.25.5414: UDP, length 588
08:47:55.885032 IP 172.10.1.10.50062 > 172.12.0.25.5414: UDP, length 589
08:47:55.885822 IP 172.10.1.10.50062 > 172.12.0.25.5414: UDP, length 591
08:47:55.886911 IP 172.10.1.10.50062 > 172.12.0.25.5414: UDP, length 694
08:47:57.912318 IP 172.10.1.10.50062 > 172.12.0.25.5414: UDP, length 599
08:47:57.913878 IP 172.10.1.10.50062 > 172.12.0.25.5414: UDP, length 1387
08:47:57.914666 IP 172.10.1.10.50062 > 172.12.0.25.5414: UDP, length 591
08:47:57.916051 IP 172.10.1.10.50062 > 172.12.0.25.5414: UDP, length 1044
08:47:57.916738 IP 172.10.1.10.50062 > 172.12.0.25.5414: UDP, length 693
08:47:57.917964 IP 172.10.1.10.50062 > 172.12.0.25.5414: UDP, length 588
08:47:57.918824 IP 172.10.1.10.50062 > 172.12.0.25.5414: UDP, length 590
^C
17 packets captured
17 packets received by filter
0 packets dropped by kernel

However, my Graylog does not seem to want to parse or pick up the data which is arriving:

Does anyone have any suggestions where I should be looking?
Thanks,
Frank

jan · August 9, 2018, 7:57am

did you send GELF messages over the wire?
did you checked the graylog server.log?

system · August 23, 2018, 8:26am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Messages getting to server but not to Graylog Graylog Central (peer support)	5	2023	April 9, 2019
Graylog inputs do not seem to be working Graylog Central (peer support)	5	2688	September 7, 2018
Graylog ignoring certain UDP messages Graylog Central (peer support)	5	860	May 5, 2020
Udp/tcp in blocked Graylog Central (peer support)	18	2776	August 30, 2018
UDP inputs not working Graylog Central (peer support)	3	7347	January 3, 2019

Graylog not reading/picking up Logs

Related Topics