Hi all,
I am new to Graylog and tried installing it on CentOS 7.0 as per the link https://docs.graylog.org/en/3.0/pages/installation/os/centos.html . MongoDB, Elasticsearch and Graylog restart fine and I can log into the web UI. This tells me the server is configured properly.
I also configured the Linux listen.conf and rsyslog.conf with the instructions here: https://marketplace.graylog.org/addons/a47beb3b-0bd9-4792-a56a-33b27b567856
I created a node with the info below:
allow_override_date:true
bind_address:127.0.0.1
expand_structured_data:false
force_rdns:false
number_worker_threads:2
override_source:
port:5014
recv_buffer_size: 262144
store_full_message: false
I couldn't find any info on the related ports, such as 514, so I am not sure if that is causing this. It could be port related. Can anyone suggest what to look for?
Thanks
jas
What are you trying to achieve? Receiving Syslog messages in your Graylog?
For starters, I’d recommend to create an Input “Syslog UDP”:
bind_address: 0.0.0.0 (you probably want your Graylog instance to receive files from remote hosts)
port: 10514 (as 514 is a) the default port used for syslog and b) a privileged port (causes problems when Graylog wasn’t started as root))
Make sure that the port is reachable on the Graylog host (Firewall etc.).
On your client (the server that sends the Syslog messages), add the following line to the syslog config:
*.* @<name or ip address of Graylog server>
This is the simplest example and is similar to the instructions you linked to.
You most likely want to delve into the syslog system before proceeding with setting up such a system.
And I am seeing this in the web UI:
An input has failed to start (triggered 2 hours ago)
Input 5cdeda39efd93212345c1ebd has failed to start on node c56408be-7dfc-4e46-a700-9e8116621cd2 for this reason: »bind(…) failed: Permission denied.«. This means that you are unable to receive any messages from this input. This is mostly an indication for a misconfiguration or an error. You can click here to solve this.
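A quick check for the setup discussed in this thread, as an added example (not code from any poster or from Graylog): it tests whether the current user can bind a given UDP port, the step that fails with "Permission denied" on a privileged port, and sends a constructed RFC 3164 test message. The hostname `client01`, the tag `test` and the loopback stand-in listener are assumptions made for the example.

```python
import socket
from datetime import datetime

# Linux default: binding ports below 1024 needs root or CAP_NET_BIND_SERVICE.
PRIVILEGED_PORT_LIMIT = 1024

def needs_privilege(port):
    """True when an unprivileged process would normally be refused this port."""
    return 0 < port < PRIVILEGED_PORT_LIMIT

def try_bind(address, port):
    """Bind a UDP socket the way an input would; return None or the error text."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        try:
            sock.bind((address, port))
        except OSError as exc:  # PermissionError (EACCES) on a privileged port
            return f"bind({address}:{port}) failed: {exc.strerror}"
    return None

def build_rfc3164(facility, severity, hostname, tag, text, when=None):
    """Format a BSD-syslog (RFC 3164) datagram; PRI = facility * 8 + severity."""
    when = when or datetime.now()
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"  # day is space-padded
    return f"<{facility * 8 + severity}>{stamp} {hostname} {tag}: {text}".encode()

def send_udp(host, port, payload):
    """Send one datagram, as the client-side forwarding rule would."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(payload, (host, port))

def loopback_roundtrip(payload, timeout=2.0):
    """Stand-in listener on an ephemeral loopback port; returns what arrived."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener:
        listener.bind(("127.0.0.1", 0))
        listener.settimeout(timeout)
        send_udp("127.0.0.1", listener.getsockname()[1], payload)
        data, _peer = listener.recvfrom(65535)
    return data

if __name__ == "__main__":
    for port in (514, 10514):
        print(port, "privileged" if needs_privilege(port) else "unprivileged",
              try_bind("0.0.0.0", port) or "bind ok")
    msg = build_rfc3164(1, 6, "client01", "test", "hello graylog")  # constructed
    print(loopback_roundtrip(msg))
```

Run it as the same user that runs the Graylog service so the bind result reflects that account's permissions; to test a real input, call `send_udp` with the Graylog host and input port instead of the loopback listener.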
system (June 3, 2019, 6:51am): This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.