Hi guys
I run a Graylog server with two IP addresses in separate VLANs (Local VLAN and Management VLAN). I created a Global Raw Plaintext TCP Input to get logs from Juniper with the following configs:
Bind Address: 0.0.0.0
Port: 12201
Receive Buffer Size: 1048576
Maximum message size: 2095172
But I don’t get any logs from Juniper. When I verified packets with tcpdump on the management interface of the Graylog server, I saw the following repeated continuously:
192.168.5.41.27244 > 192.168.5.86.12201: Flags [.], cksum 0x1899 (correct), seq 1239593:1240973, ack 1, win 63335, length 1380
192.168.5.86.12201 > 192.168.5.41.27244: Flags [.], cksum 0x8bea (incorrect -> 0xb31b), ack 1234073, win 65084, length 0
192.168.5.41 is the Juniper IP address and 192.168.5.86 is the Graylog server IP address.
Graylog server: CentOS 7, version 2.4.6
Please help me! What’s your idea?
Best Regards.