Our Graylog is receiving input from a few log sources and we have configured the GELF output to a syslog server. But I have seen an issue that till output settings are configured there are no logs being pushed to the syslog server, but when I delete the output settings from the “Delete Globally” option there are logs which are pushed immediately, within 2-4 seconds, to the syslog server. Can anyone please help and let me know if I am missing any configuration settings, or if I have to do any additional config changes so that logs are pushed from the Graylog output to the syslog server in real time?

That's odd; when you delete the output there should not be any data sent, it stops. The only thing I can think of is a timestamp issue. Perhaps the timestamp of the log/s received by the “syslog” server may be incorrect? Do you see anything in the log files on either end (i.e., Graylog, Syslog-server)?

What version are you running?

dpkg -l | grep -E ".*(elasticsearch|graylog|mongo).*"
yum list installed | grep -E ".*(elasticsearch|graylog|mongo).*"
