I’d just like to start seeing the logs from the graylog server itself. However I tried to change the syslog configuration, there is no “connection enabled” on my input.
So I left the default config of rsyslog.conf.
Thank you in advance.
I already searched on Google and on the forum, but I didn’t find the solution.
Here, all my services (graylog, elasticsearch, mongo, rsyslog) work normally, I did the firewall rules, and the tcp and udp modules are uncommented in rsyslog.conf.
I didn’t see the same thing elsewhere, on Google or here.
No, it’s not a problem; it’s general info that you should see in all graylog instances.
How did you configure rsyslog? Please post.
Here’s the configuration of rsyslog.conf:
The last IP is the one of the local server (graylog and syslog).
Why do you try to send syslog messages to port 514, where rsyslog is listening? It doesn’t make sense.
Try to use recommended steps:
- Syslog Input with port higher than 1024, e.g. 1514, TCP or UDP
- If you created UDP Syslog Input, replace last line with:
- If you created TCP Syslog Input, replace last line with:
Thank you @shoothub
I try to send syslog messages to port 514 and not to port 1514 because rsyslog shows a mistake when I configure rsyslog to port 1514:
That’s why I send to port 514, so I created a firewall rule to translate:
And even when I do what you tell me to do just before, there’s still no active connection in graylog.
I don’t have good experience with port 514 translation. I would recommend using ports higher than 1024, because graylog runs as a normal user and can’t listen on ports lower than 1024.
You mixed 2 things. You’ve set up rsyslog to listen on port 514 and to send to it? If you want to only forward local logs to graylog using rsyslog, comment the lines in rsyslog to listen on port 514, create an Input with a listening port higher than 1024 and forward with the rsyslog line that I have provided.
That’s what I did in my first try. Everything was supposed to be on port 1514. I tried to do what you did, and commented all the lines with 514. There’s still only this line:
But there’s still the same problem, no active connections and all the error messages with
systemctl status rsyslog
If you use SELinux, try to disable it (set to Permissive), restart rsyslog. Maybe SELinux is blocking the connection.
It’s good, I have an active connection, no log for now, but that’s another thing.
Thanks a lot!
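
The SELinux cause suggested above can be confirmed from the audit log, and the port labelled for rsyslog, while SELinux stays enforcing. The script below is an added example, not from the thread or from the Graylog or rsyslog projects: it scans audit.log-style AVC records for port denials against rsyslog's `syslogd_t` domain and prints the `semanage` port-label command to review. The sample records are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample records in audit.log AVC format (not taken from the thread).
SAMPLE_AUDIT='type=AVC msg=audit(1600000000.101:411): avc:  denied  { name_connect } for  pid=912 comm="rs:main Q:Reg" dest=1514 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1600000007.552:419): avc:  denied  { read } for  pid=1301 comm="httpd" name="index.html" dev="dm-0" ino=7741 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1600000030.220:430): avc:  denied  { name_connect } for  pid=912 comm="rs:main Q:Reg" dest=1514 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1600000044.009:433): avc:  denied  { name_bind } for  pid=912 comm="rsyslogd" src=1514 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=udp_socket permissive=0'

# Hypothetical helper: read AVC records on stdin and print one
# "permission protocol port count" line per distinct port denial whose
# source context is rsyslog's domain (syslogd_t).
rsyslog_port_denials() {
    awk '
        /avc:  *denied/ && /scontext=[^ ]*:syslogd_t:/ && /(name_connect|name_bind)/ {
            perm = ($0 ~ /name_connect/) ? "name_connect" : "name_bind"
            port = ""; proto = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^(dest|src)=[0-9]+$/) { split($i, kv, "="); port = kv[2] }
                if ($i ~ /^tclass=(tcp|udp)_socket$/) { proto = substr($i, 8, 3) }
            }
            if (port != "" && proto != "") seen[perm " " proto " " port]++
        }
        END { for (k in seen) print k, seen[k] }
    ' | sort
}

# Hypothetical helper: turn each denial into the port-label command to review.
# The command is only printed, never executed.
suggest_port_labels() {
    rsyslog_port_denials |
        awk '{ print "semanage port -a -t syslogd_port_t -p " $2 " " $3 }' | sort -u
}

# Demo on the constructed sample; on a real host, feed it the audit log:
#   suggest_port_labels < /var/log/audit/audit.log
printf '%s\n' "$SAMPLE_AUDIT" | suggest_port_labels
```

After applying a printed label, restart rsyslog and re-run the check against new audit records; an empty result means no further port denials were logged for `syslogd_t`.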