Graylog not receiving messages from OSSEC - no errors in logs


(tom) #1

I installed Graylog on a Debian EC2 instance with OSSEC on it and followed the guide below:
https://2code-monte.co.uk/2018/04/02/ossec-logs-into-graylog/

I can see csyslogd working fine
2018/08/16 11:03:26 ossec-csyslogd: INFO: Started (pid: 3621).
2018/08/16 11:03:26 ossec-csyslogd: INFO: Forwarding alerts via syslog to: '10.210.10.184:5555'.
2018/08/16 11:32:05 ossec-csyslogd(1225): INFO: SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...

But there is nothing in the inputs on Graylog

Local inputs
OSSEC_MASTER
bind_address: 0.0.0.0
locale:
max_message_size: 2097152
port: 5555
recv_buffer_size: 262144
tcp_keepalive: false
timezone: Europe/London
tls_cert_file:
tls_client_auth: disabled
tls_client_auth_cert_file:
tls_enable: false
tls_key_file:
tls_key_password: ********
use_full_names: false
use_null_delimiter: false

I double-checked and it looks like I didn’t miss any steps. Also, I can’t see any errors, which is strange.

Where can I see some errors so I can troubleshoot that? For instance, if data is getting to Graylog but is not parsed properly.

PLEASE ADVISE !!!

Thanks


(Jan Doberstein) #2

Did you check if the sending server can reach the Graylog system? No firewall on any host is blocking anything?
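
The reachability check asked about above, as an added example that is not part of the original thread: it probes the input port over both TCP and UDP, because a listener bound on one transport never sees traffic sent on the other. It assumes ossec-csyslogd forwards over UDP; the address and port are the ones from the question, and the syslog line is constructed.

```python
import socket

# Constructed test message (priority 132 = local0.warning), not a real OSSEC alert.
TEST_LINE = b"<132>Aug 16 11:03:26 ossec-test ossec: constructed reachability test"

def probe_tcp(host, port, timeout=2.0):
    """Return True if a TCP listener accepts a connection on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def probe_udp(host, port, payload, timeout=2.0):
    """Send one datagram. 'closed' means an ICMP port-unreachable came back;
    'open|filtered' means silence, which a listener and a dropping firewall share."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected UDP sockets surface ICMP errors
        try:
            s.send(payload)
            s.recv(1)
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "open|filtered"
        return "open"

def diagnose(host, port, timeout=2.0):
    """Run from the sending host: compare what the port answers on each transport."""
    tcp = probe_tcp(host, port, timeout)
    udp = probe_udp(host, port, TEST_LINE, timeout)
    if tcp and udp == "closed":
        verdict = "TCP listener only: UDP datagrams sent to this port are dropped"
    elif udp == "closed":
        verdict = "nothing is listening on this port on either transport"
    elif tcp:
        verdict = "TCP listener present; UDP open or silently filtered"
    else:
        verdict = "no TCP listener; UDP open or silently filtered, check the input's message counter"
    return {"tcp": tcp, "udp": udp, "verdict": verdict}

if __name__ == "__main__":
    # Address and port taken from the csyslogd log line in the question.
    print(diagnose("10.210.10.184", 5555))
```

A silent UDP result is not proof of delivery, so confirm on the receiving side that the test line shows up in the input's received-message count.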


(tom) #3

Nothing is blocking anything, it just doesn’t work

