Greylog not receiving messages from OSSEC - no errors in logs

(tom) #1

Greylog not receiving messages from OSSEC - no errors in logs

I install greylog on debian EC2 with OSSEC on it and followed guide as below 3

I can see csyslogd working fine
2018/08/16 11:03:26 ossec-csyslogd: INFO: Started (pid: 3621).
2018/08/16 11:03:26 ossec-csyslogd: INFO: Forwarding alerts via syslog to: ‘’.
2018/08/16 11:32:05 ossec-csyslogd(1225): INFO: SIGNAL [(15)-(Terminated)] Received. Exit Cleaning…

But nothing in inputs on greylog

Local inputs
max_message_size: 2097152
port: 5555
recv_buffer_size: 262144
tcp_keepalive: false
timezone: Europe/London
tls_client_auth: disabled
tls_enable: false
tls_key_password: ********
use_full_names: false
use_null_delimiter: false

I double checked and looks like I didn’t miss any steps also I can’t see any errors which is strange

Where I can see some errors so I can troubellshot that ? for instance if data is getting to graylog buy is not poarsed properly



(Jan Doberstein) #2

did you check if the sending server can reach the graylog system? No firewall on any host is blocking anything?

(tom) #3

Nothing is blocking anything is just doesn’t work

(system) #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.