Issue about Input syslog failed on graylog


I have issue about create Input syslog (TCP/UDP 514) failed on graylog , kindly advise me how to solve this.

The TCP/IP port numbers below 1024 are special in that normal users are not allowed to run servers on them. This is a security feaure, in that if you connect to a service on one of these ports you can be fairly sure that you have the real thing, and not a fake which some hacker has put up for you.

Graylog is running as user graylog, what means you are not able to run on ports below 1024. If you have the need to ingest logs on Port 514 because the software/hardware can only send to this port - use the power of search in this community to get your answer.


I tried to used port 1514 instead port 514, but graylog still not receive logs from source Windows

What shipper did you use to send the logs from Windows to Graylog?
To give you the right advise or support it would very helpful to have some more informations!

First advise without any further knowledge about setup and envrionment i would advise to use the input called “Raw/Plaintext UDP” or “Raw/Plaintext TCP” depends on which protocol is using your client for sending the logs to graylog.

And another advise for windows servers i recommend to use the winlogbeat in combination with the graylog-sidecar or whitout. Then you need to use the Beats Input.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.