Juniper Logs do not receive to Graylog


(Younes) #1

Hi guys
I run a graylog server with two IP addresses in separate VLANs (Local VLAN and Management VLAN). I created a Global Raw Plaintext TCP Input to get logs from Juniper with the following configs:

Bind Address : 0.0.0.0
Port: 12201
Receive Buffer Size : 1048576
Maximum message size : 2095172

but i don’t get any log from juniper. When i verify packets with tcpdump on management interface on Graylog server i saw the following is repeated continuously

192.168.5.41.27244 > 192.168.5.86.12201: Flags [.], cksum 0x1899 (correct), seq 1239593:1240973, ack 1, win 63335, length 1380
192.168.5.86.12201 > 192.168.5.41.27244: Flags [.], cksum 0x8bea (incorrect -> 0xb31b), ack 1234073, win 65084, length 0

192.168.5.41 is Juniper IP Address and 192.168.5.86 is Graylog Server IP Address.

Graylog Server : Centos 7 and Version 2.4.6

Please help me! what’s your idea?
Best Regards.


(Younes) #2

I find solution!
Null Frame Delimiter must selected.
other configs was ok!


(system) #3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.