Having issues in logging syslog to Graylog UI


I am new to Graylog and I am not able to send the logs to Graylog UI.
I am running Graylog, Elasticsearch and MongoDB on the same server. I have the UI running on the same server as well.
I was able to access the UI successfully and was able to create the Input successfully, as syslog UDP via port 5140. I used my server IP (x.x.x.x) as the bind address.
But I don't see any messages flowing into Graylog.
I added the below in the syslog-ng.conf and restarted it:
destination d_NET { udp("x.x.x.x" port(5140)); };
log { source(s_syslog); destination(d_NET); };

Please let me know what I am missing here. Any help would be appreciated.

Graylog logs:
2019-10-02T14:33:54.614-04:00 INFO [InputStateListener] Input [Syslog UDP/5d94ed92a0aa6389dd70ccc3] is now RUNNING

MongoDB:
tcp 0 0 x.x.x.x:27017* LISTEN

Elasticsearch:
tcp6 0 0 x.x.x.x:9200 :::* LISTEN

I am using Linux server on RHEL 7.7

And what Graylog version did you use?

Graylog 3.1.

Commands used:
rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.1-repository_latest.rpm
yum install graylog-server

As you use UDP, you need to check. Could you send a log message via shell directly to Graylog and check if that arrived? If not, check firewall or similar.

Are both hosts in the same network?
Do you see any packets in tcpdump?
Check the output of lsof -Pni :5140
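
The test suggested in the replies above (send one message from the shell straight to the input, then look for it), as an added example that is not part of the original thread. It assumes bash (for the /dev/udp pseudo-device); the function names and the graylog-udp-test tag are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example (constructed): build one RFC 3164 line and send it over UDP
# to a Graylog Syslog UDP input, bypassing syslog-ng entirely.

# syslog_pri FACILITY SEVERITY -> PRI value (facility * 8 + severity)
syslog_pri() {
    echo $(( $1 * 8 + $2 ))
}

# build_syslog_msg FACILITY SEVERITY HOSTNAME TAG TEXT -> "<PRI>Mmm dd hh:mm:ss host tag: text"
build_syslog_msg() {
    # %e gives the space-padded day of month that RFC 3164 expects
    ts=$(LC_ALL=C date '+%b %e %H:%M:%S')
    printf '<%s>%s %s %s: %s' "$(syslog_pri "$1" "$2")" "$ts" "$3" "$4" "$5"
}

# send_udp HOST PORT MESSAGE: one datagram via bash's /dev/udp (bash only)
send_udp() {
    printf '%s\n' "$3" > "/dev/udp/$1/$2"
}

# Usage: ./graylog-udp-test.sh <input bind address> <port>
if [ "$#" -eq 2 ]; then
    # Unique marker so the message is easy to find in the Graylog search
    marker="graylog-udp-test-$$"
    # facility 1 (user), severity 6 (info) -> PRI 14
    msg=$(build_syslog_msg 1 6 "$(hostname)" graylog-udp-test "$marker")
    send_udp "$1" "$2" "$msg"
    echo "sent: $msg"
    echo "search Graylog for: $marker"
    # While sending, watch the wire and the listener on the Graylog host:
    #   tcpdump -ni any udp port 5140
    #   lsof -Pni :5140
fi
```

If the marker shows up in tcpdump on the Graylog host but not in the search, the packet is arriving and the problem is on the input or processing side; if it never shows up in tcpdump, look at the firewall or the network path.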
