Juniper SRX345 and Graylog not working


Syslog not receiving syslog messages

Ubuntu Latest
22.04
Latest greylog server open

I created an input on port 1514 and see that syslogs are coming to my Ubuntu server via tcpdump, but geylog is not showing any messages.

Am I missing something here?

Here is what I see in my tcpdum.cap file

^Tb^B^B^B^B^C�7�<14>1 2023-07-09T18:10:29.366-04:00 gw3 RT_FLOW - RT_FLOW_SESSION_CREATE [source-address="128.116.27.182" source-port="24292" destination-address="64.182.182.72" destin>

^T�


Is there any way to force geylog to listen on port 514? Because I cannot get my firewall to send the syslogs on port 1514.

Graylog is written with an “a” and not an “e”.

Port 514 is below 1000, so only root-users should open ports there. An nginx as LB could redirect your ports.

If the messages do not pop up, but are visible in in/out on the top right, check your timezones.

1 Like
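
Added example (not part of any post in this thread, and not Graylog or Juniper code): the capture in the first post is an RFC 5424 line, and this Python example parses a line of that shape, normalizes its timestamp to UTC and checks it against a relative search window, which is what the timezone advice above comes down to. The sample line, the `example@32473` SD-ID, the addresses, the reception time and the 5-minute window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the captured SRX line. The SD-ID and the
# addresses are placeholders (documentation ranges), not values from the thread.
SAMPLE = ('<14>1 2023-07-09T18:10:29.366-04:00 gw3 RT_FLOW - '
          'RT_FLOW_SESSION_CREATE [example@32473 source-address="192.0.2.10" '
          'source-port="24292" destination-address="198.51.100.7" '
          'destination-port="443"]')

HEADER = re.compile(r'<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) '
                    r'(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)',
                    re.S)
PARAM = re.compile(r'([\w.-]+)="((?:[^"\\]|\\.)*)"')  # name="value" pairs


def parse_rfc5424(line):
    """Split one RFC 5424 line (transport framing already removed)."""
    m = HEADER.match(line)
    if m is None:
        raise ValueError("not an RFC 5424 version 1 syslog line")
    pri = int(m["pri"])
    # fromisoformat() before Python 3.11 does not accept a trailing "Z".
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    if ts.tzinfo is None:
        raise ValueError("timestamp has no UTC offset")
    return {
        "facility": pri >> 3,            # PRI = facility * 8 + severity
        "severity": pri & 7,
        "timestamp_utc": ts.astimezone(timezone.utc),
        "host": m["host"], "app": m["app"], "msgid": m["msgid"],
        "fields": dict(PARAM.findall(m["rest"])),
    }


def skew_seconds(parsed, received_utc):
    """Seconds the message timestamp is ahead (+) or behind (-) of receipt."""
    return (parsed["timestamp_utc"] - received_utc).total_seconds()


def in_relative_window(parsed, now_utc, window=timedelta(minutes=5)):
    """True if a 'last <window>' search run at now_utc would cover the message."""
    return now_utc - window <= parsed["timestamp_utc"] <= now_utc


if __name__ == "__main__":
    msg = parse_rfc5424(SAMPLE)
    now = datetime(2023, 7, 9, 22, 10, 30, tzinfo=timezone.utc)  # constructed
    print(msg["timestamp_utc"].isoformat(), msg["fields"])
    print("skew:", skew_seconds(msg, now), "visible:", in_relative_window(msg, now))
```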

I changed the user to root and it now reads port 514.

1 Like

That’s not the best idea in regards to security.

The server is not exposed to the internet. Plus got the SRX to finally use port 1514 using this command:
set security log stream Greylog host port 1514

Where Graylog could be your stream server name

Still the same as 3 days ago :wink:

Please show the output of “show security log” from configuration mode, or “show configuration security log” from operational mode.

Show the output of “show system timezone” and from operational mode “show system uptime” or “run show system uptime” from configuration mode.
