Greylog not receiving messages from OSSEC - no errors in logs

Greylog not receiving messages from OSSEC - no errors in logs

I install greylog on debian EC2 with OSSEC on it and followed guide as below
https://2code-monte.co.uk/2018/04/02/ossec-logs-into-graylog/ 3

I can see csyslogd working fine
2018/08/16 11:03:26 ossec-csyslogd: INFO: Started (pid: 3621).
2018/08/16 11:03:26 ossec-csyslogd: INFO: Forwarding alerts via syslog to: ‘10.210.10.184:5555’.
2018/08/16 11:32:05 ossec-csyslogd(1225): INFO: SIGNAL [(15)-(Terminated)] Received. Exit Cleaning…

But nothing in inputs on greylog

Local inputs
OSSEC_MASTER
bind_address: 0.0.0.0
locale:
max_message_size: 2097152
port: 5555
recv_buffer_size: 262144
tcp_keepalive: false
timezone: Europe/London
tls_cert_file:
tls_client_auth: disabled
tls_client_auth_cert_file:
tls_enable: false
tls_key_file:
tls_key_password: ********
use_full_names: false
use_null_delimiter: false

I double checked and looks like I didn’t miss any steps also I can’t see any errors which is strange

Where I can see some errors so I can troubellshot that ? for instance if data is getting to graylog buy is not poarsed properly

PLEASE ADVISE !!!

Thanks

did you check if the sending server can reach the graylog system? No firewall on any host is blocking anything?

Nothing is blocking anything is just doesn’t work

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.