How to put the syslog from AIX host into the graylog server?

Dear all,
I can set up the syslog configuration on the Linux platform and put the logs into Graylog successfully, but I cannot figure out the same setting on the AIX platform; it cannot put the syslog into Graylog. I used the default syslogd daemon on AIX and referred to the tech document on the IBM Knowledge web site (URL: https://www.ibm.com/support/knowledgecenter/en/ssw_aix_72/s_commands/syslogd.html).
However, it still does not work…

Does anybody know how to set up syslog on AIX correctly, or maybe I missed some step?
Please help, thanks.

Syslog on AIX supports only UDP syslog to the default port 514. So check that you use the Graylog input: Syslog UDP. By default, Graylog can't run an input on port 514 (below 1024, because it runs as a normal user, not root), so check iptables to forward UDP 514 to the Graylog input port:
https://docs.graylog.org/en/3.2/pages/faq.html#how-can-i-start-an-input-on-a-port-below-1024

Check that you use the right syntax in /etc/syslog.conf:

*.info            @<IP_address_of_graylog_server>

If you want to forward everything, use:

*.debug            @<IP_address_of_graylog_server>

And restart syslog:
refresh -s syslogd

AIX also supports rsyslog, so if you switch from syslogd, you can use the same configuration as on Linux:
https://www.ibm.com/support/knowledgecenter/en/ssw_aix_72/s_commands/syslogd.html

The best way to debug received messages is to run tcpdump on the Graylog server:
sudo tcpdump -A -n -vv -i ens160 udp port 20514

https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/com.ibm.dsm.doc/t_dsm_guide_ibm_aix_server_config.html
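
The port-forwarding check from this answer, as an added example that is not part of the original post: it audits an `iptables-save` dump of the nat table for a PREROUTING redirect of UDP 514 to the Graylog input port. The function name `check_syslog_redirect` is hypothetical, input port 1514 is an assumption, and both rule dumps are constructed samples.

```shell
#!/bin/sh
# Added example: audit iptables-save output for the syslog port redirect.
# check_syslog_redirect SRC_PORT DST_PORT   (reads the rule dump on stdin)
# Exit status: 0 = UDP redirect present
#              1 = redirect exists, but for another protocol
#              2 = no redirect from SRC_PORT to DST_PORT
check_syslog_redirect() {
    awk -v src="$1" -v dst="$2" '
        $1 == "-A" && $2 == "PREROUTING" {
            proto = ""; dport = ""; target = ""; to = ""
            # Walk the option/value pairs of one rule line.
            for (i = 3; i < NF; i++) {
                if ($i == "-p")         proto  = $(i + 1)
                if ($i == "--dport")    dport  = $(i + 1)
                if ($i == "-j")         target = $(i + 1)
                if ($i == "--to-ports") to     = $(i + 1)
            }
            if (target != "REDIRECT" || dport != src || to != dst) next
            if (proto == "udp") { udp = 1 } else { other = proto }
        }
        END {
            if (udp)   { print "OK: udp/" src " -> " dst; exit 0 }
            if (other) { print "MISMATCH: rule is " other ", AIX syslogd sends udp"; exit 1 }
            print "MISSING: no redirect " src " -> " dst; exit 2
        }'
}

# Constructed samples in iptables-save format (assumed input port 1514).
SAMPLE_UDP='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 514 -j REDIRECT --to-ports 1514
COMMIT'
SAMPLE_TCP='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 514 -j REDIRECT --to-ports 1514
COMMIT'

printf '%s\n' "$SAMPLE_UDP" | check_syslog_redirect 514 1514
printf '%s\n' "$SAMPLE_TCP" | check_syslog_redirect 514 1514 || true
```

On the Graylog server, feed it the live rules with `sudo iptables-save -t nat | check_syslog_redirect 514 <input_port>`.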

Dear shoothub,
Thank you for your replies. First, I have added the iptables rule to forward UDP 514 to the Graylog input port on the Graylog server. [rule like this: iptables -t nat -A PREROUTING -p tcp --dport 514 -j REDIRECT --to 1514]
Should I add a global Syslog UDP input with port 1514 in the Graylog web settings?

Finally, I ran tcpdump; it looks like there are no messages from the remote host…
sudo tcpdump -A -n -vv -i ens160 udp port 1514

Many thanks.

Dear shoothub,
I have good news:
I found the root cause and resolved it; the syslog of AIX can forward to Graylog.

Thank you for your help, and many thanks.

Cheers.
