Graylog server 3.0 not communicating with a Linux VM

Hi all,

I am new to Graylog and tried installing it on CentOS 7.0 as per link. MongoDB, Elasticsearch and Graylog restart fine and I can log into the web UI. This tells me the server is configured properly.
And I configured the Linux listen.conf and rsyslog.conf with the instructions here.

I created a node with the info below:

  • allow_override_date:true
  • bind_address:
  • expand_structured_data:false
  • force_rdns:false
  • number_worker_threads:2
  • override_source:
  • port:5014
  • recv_buffer_size: 262144
  • store_full_message: false

I couldn't find any info on the related ports, such as 514, so I'm not sure if that is causing this. It could be port related. Can anyone suggest what to look for?


What are you trying to achieve? Receiving Syslog messages in your Graylog?

For starters, I’d recommend creating an Input “Syslog UDP”:

  • bind_address: (you probably want your Graylog instance to receive files from remote hosts)
  • port: 10514 (as 514 is a) the default port used for syslog and b) a privileged port, which causes problems when Graylog wasn’t started as root)

Make sure that the port is reachable on the Graylog host (Firewall etc.).

On your client (the server that sends the Syslog messages), add the following line to the syslog config:

*.* @<name or ip address of Graylog server>

This is the simplest example and is similar to the instructions you linked to.

You most likely want to delve into the syslog system before proceeding with setting up such a system.

And I'm seeing this in the web UI:

An input has failed to start (triggered 2 hours ago)

Input 5cdeda39efd93212345c1ebd has failed to start on node c56408be-7dfc-4e46-a700-9e8116621cd2 for this reason: »bind(…) failed: Permission denied.«. This means that you are unable to receive any messages from this input. This is mostly an indication for a misconfiguration or an error. You can click here to solve this.
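
An added example (not part of the original thread and not Graylog code): a Python probe, run as the same user as the Graylog service, that reports whether a UDP port can be bound, separating the "Permission denied" case in the notification above from a port that is already taken, and confirms that a syslog datagram reaches a listener on an unprivileged port. The host name `client01`, the tag `probe` and the test message are constructed values.

```python
import errno
import socket
from datetime import datetime

# Linux default: ports below 1024 need root or CAP_NET_BIND_SERVICE to bind.
PRIVILEGED_LIMIT = 1024


def probe_udp_bind(port, address="127.0.0.1"):
    """Try to bind a UDP socket as a Syslog UDP input would; return a short verdict."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        try:
            sock.bind((address, port))
        except OSError as exc:
            if exc.errno == errno.EACCES:
                hint = " (privileged port)" if 0 < port < PRIVILEGED_LIMIT else ""
                return "permission denied" + hint
            if exc.errno == errno.EADDRINUSE:
                return "address in use"
            return "failed: " + (exc.strerror or str(exc))
        return "ok"


def syslog_frame(message, facility=1, severity=6, host="client01", tag="probe"):
    """Build a BSD-syslog style datagram; PRI = facility * 8 + severity."""
    now = datetime.now()
    stamp = "{:%b} {:2d} {:%H:%M:%S}".format(now, now.day, now)
    pri = facility * 8 + severity  # user.info -> 14
    return "<{}>{} {} {}: {}".format(pri, stamp, host, tag, message).encode()


def loopback_roundtrip(message):
    """Send one frame to a throwaway local listener and return what arrived."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sender:
        listener.bind(("127.0.0.1", 0))  # port 0: kernel picks a free high port
        listener.settimeout(2.0)
        sender.sendto(syslog_frame(message), listener.getsockname())
        data, _ = listener.recvfrom(4096)
        return data.decode()


if __name__ == "__main__":
    for port in (514, 10514):  # the two ports discussed in the thread
        print(port, probe_udp_bind(port))
    print(loopback_roundtrip("constructed test message"))
```

A verdict of "address in use" for a port means another process, possibly the running Graylog input itself, already holds it.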
