Graylog Server error logs

Hi Team,

Was trying to setup Graylog Ubuntu 20.04 VM on my server. Was following this guide to setup, however encounter the below errors when checking on the logs.

I think it’s better to use official howto, because your posted howto is for older graylog version 3.3, latest is 4.0 which has new features and also requirements.

@shoothub, thanks will try on the guide provided.

im following the ubuntu guide. and stuck at this part .

Did you copy & paste it into the command prompt? If so try typing it out see if that works.
You have a firewall enabled?

I am able to login now. but the input fail to collect logs.




Did you check your log files? It might give a clue on why its failing.
Maybe try something like this, see if that works.

@gsmith yes it is able to run using the bind address. Then how should the graylog server able to recognise the server IP if it is using

Need to trigger anything to see the logs?


Hi @fengcheng

  1. Bind address is addres for graylog input which will listen to. Address mean all addresses, so it will listen on all network interfaces that graylog box have. So change bing address to from your defined address.

  2. Check if you didn’t create more than one inputs that listen in same port. You can only create one input which listen in specific port otherwhise it will fail to start, because port is already binded by another input with same port.

Hi @gsmith,

Noted on point 1, as for point 2, I only created 1 input so far. Not sure why there is no logs messages showing.



If not try looking at your client sending messages.

@gsmith how do I go about in checking?



This may enlighten you.

Depending on what devices you have sending logs to your Graylog server may want to check them also.

How are you sending log’s to Graylog (i.e. NXLog,Rsyslog,GL Sidecar, etc…) ?
Normally the log shippers I mentioned above have there own log file that could be helpfull in troubleshooting.

Things to check:

  • Make sure timestamp is correct on both Graylog Sever and Client.
  • Check firewalls, Iptables, etc… or anything that may interfere between Graylog Server and your client.

Hope that helps

Hi Gsmith,

Done setting up firewall. Able to ping through fine.Do i need to setup something on my windows server client side??Didn;t graylog server will pick up by itself? If not i will go for simple syslog info includes event viewer logs if possible?



AFAIK Windows doesn’t natively send syslog. If you need something to ship event viewer logs, you’ll need something like Winlogbeat or NXlog. Both of those will ship via the lumberjack protocol (i.e., Beats). I’ll note that Graylog, on its own, collects nothing. There must always be an external application (e.g., syslog, some sort of beats agent, nxlog, etc.) shipping logs to Graylog for those logs to show up in Graylog.

1 Like

Hi aaronsachs,

Noted, will give winlogbeat, Winlogbeat quick start: installation and configuration | Winlogbeat Reference [7.12] | Elastic a try on one of my server.


Should I install the winlogbeat to graylog server itself or another server?

Stuck at this part,


Sorry for long delay, Ive been working.
The winlogbeat should be installed on the remote server, then point it to your Graylog server. Use the port from the INPUT you made on Graylog to configure winlogbeat.


Remote-server —> Graylog Server INPUT (i.e. Syslog UDP, Port 1514)

Maybe this might help.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.