pablik
(Paweł)
1
Hi, after installation graylog i try connect my other Debian station by rsyslog and:
On debian station, i add to “/etc/rsyslog.d/loghost.conf” to forward log to graylog
*.* @@xxx.xxx.xxx.xxx:5140
Restart rsyslog:
root@SMSServer:/etc/init.d# ./rsyslog restart
[ ok ] Restarting rsyslog (via systemctl): rsyslog.service.
Next i add in graylog “Syslog TCP” input, and set:
Node, Title, Bind address and Port.
Input is running, and when i try login by ssh the i recive data on this input “Network IO”:
But there is no message ;(
jochen
(Jochen)
2
Make sure that rsyslog is able to send TCP packets to your Graylog server and that the IP address and port is correct.
Additionally, please refer to https://github.com/Graylog2/graylog-guide-syslog-linux#rsyslog for instructions about how to configure rsyslog.
pablik
(Paweł)
3
I try :
UDP
*.* @xxx.xxx.xxx.xxx:5140
*.* @xxx.xxx.xxx.xxx:5140;RSYSLOG_SyslogProtocol23Format
TCP
*.* @@xxx.xxx.xxx.xxx:5140
*.* @@xxx.xxx.xxx.xxx:5140;RSYSLOG_SyslogProtocol23Format
But result is the same, recive data but no message ;(
RSyslogd Vesion
root@SMSServer:/home/pablik# rsyslogd -version
rsyslogd 8.4.2, compiled with:
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
Number of Bits in RainerScript integers: 64
jan
(Jan Doberstein)
4
Hej Pawel,
it is not clear from your Image if the Syslog Input is running on Port 5140 …
additional you should check your Graylog server.log if you see any lines that might give you an idea what happens…
pablik
(Paweł)
5
UDP WORK !!!
*.* @xxx.xxx.xxx.xxx:5140;RSYSLOG_SyslogProtocol23Format
I dont know why TCP dont work