So, I’m a bit of a noob… Setting up Graylog for the first time. I’m running it in Docker on my NAS, and I finally got it so that I can hit the web UI.
As far as I can tell it is listening on the GELF port (12201):
echo | nc -vvv -u 192.168.1.53 12201
found 0 associations
found 1 connections:
1: flags=82<CONNECTED,PREFERRED>
outif (null)
src 192.168.1.38 port 53790
dst 192.168.1.53 port 12201
rank info not available
Connection to 192.168.1.53 port 12201 [udp/*] succeeded!
But I can’t seem to send any messages to it. I tried this example to send from a bash shell. But it doesn’t work.
I thought maybe the issue was that there needs to be an input created? So I created a global GELF UDP input, but that didn’t make any difference.
I did create a global GELF UDP input and a TCP one for good measure, both on the 12201 port. When I try to post to it via bash shell, it just hangs, and as far as I can tell no documents are getting created.
Any ideas? I have used the ELK stack over the years, but am trying to set up my own Graylog setup for monitoring my devices at home to get more familiar with it (we are using it at work, so this is a bit of a learning experience for me).
Yea, I am running my Docker on my Synology NAS. It currently has the firewall turned off. I think you can see above that I can successfully connect to that port from another host.
I’m not seeing any evidence of anything going on in the Graylog logs. Should I expect to see something? Or can I enable some more detailed logging there to confirm anything?
So, I think the only thing I would suggest would be to have everything configured to use right out of the box for a newbie like myself. I think the only thing that was actually missing was an input created, it took me a while to figure that out…
It seems that by default a node is already created, so it doesn’t seem like a stretch to have inputs created for the default ports that are opened in the docker image for GELF and Syslog UDP/TCP.
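For anyone testing inputs like the ones discussed in this thread, here is a minimal GELF 1.1 sender for both the UDP and the TCP input on port 12201. It is an added example, not part of the original posts and not Graylog's own code; the function names, the source name `nas-test` and the `facility` field are made up for illustration, and the TCP path assumes the input keeps its default null-byte frame delimiter.

```python
import json
import re
import socket
import time

GELF_PORT = 12201  # GELF port used in the thread


def build_gelf(host, short_message, level=6, **extra):
    """Return one GELF 1.1 message as UTF-8 encoded JSON bytes."""
    msg = {
        "version": "1.1",            # required by the GELF spec
        "host": host,                # required: name of the sending source
        "short_message": short_message,  # required
        "timestamp": round(time.time(), 3),
        "level": level,              # syslog severity, 6 = informational
    }
    for key, value in extra.items():
        # Additional fields carry a leading underscore; "_id" is reserved.
        if key == "id" or not re.fullmatch(r"[\w.\-]+", key):
            raise ValueError("invalid additional field name: %r" % key)
        msg["_" + key] = value
    return json.dumps(msg).encode("utf-8")


def frame_tcp(payload):
    """GELF TCP frames are delimited by a null byte (the input's default)."""
    return payload + b"\x00"


def send_udp(server, payload, port=GELF_PORT):
    """Send one uncompressed message as a single datagram.

    UDP gives no acknowledgement, so a successful send does not show
    that a running input received the message.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(payload, (server, port))


def send_tcp(server, payload, port=GELF_PORT, timeout=3.0):
    """Send one framed message; the timeout keeps a dead port from hanging."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(frame_tcp(payload))


if __name__ == "__main__":
    # Server address taken from the thread; the message content is constructed.
    message = build_gelf("nas-test", "hello from python", facility="demo")
    print(send_udp("192.168.1.53", message), "bytes sent over UDP")
```

After sending, the message should appear in a search for `source:nas-test` once a GELF input of the matching protocol is running on that port.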