Just not ingesting any logs

So, I’m a bit of a noob… Setting up graylog for the first time. I’m running it in docker on my NAS, and I finally got it do that I can hit the web UI.

As far as I can tell it is listening on the GELF port (12201):

echo | nc -vvv -u 12201
found 0 associations
found 1 connections:
outif (null)
src port 53790
dst port 12201
rank info not available

Connection to port 12201 [udp/*] succeeded!
But I can’t seem to send any messages to it. I tried this example to send from a bash shell. But it doesn’t work.

I thought maybe the issue was that there needs to be an input created? So I created a global GELF UDP input, but that didn’t make any difference.

Any ideas what I might be missing?

When you run in Docker - did you forward the port to the container? Did you create the input for GELF in Graylog on that port you forward?

Yea, I’m using the docker-compose example with persistence. So 12201 is open.

I did create a global GELF UDP input and a TCP one for good measure both on the 12201 port. when I try to post to it via bash shell. but it just hangs, and as far as I can tell no documents are getting created.

Any ideas? I have used the ELK stack over the years, but am trying to set up my own Graylog set up for monitoring my devices at home to get more familiar with it (we are using it at work, so this is a bit of a learning experience for me).

Thanks in advance!

Did you checked if your docker-host does not have a local firewall?

Yea, I am running my Docker on my Synology NAS. It currently has the firewall turned off. I think you can see above that I can successfully connect to that port from another host.

I’m not seeing any evidence of anything going on in the graylog logs, should I expect to see something? Or can I enable some more detailed logging there to confirm anything?

ok, got it working! I suspect it had to do with my ignorance, and perhaps not understanding how global inputs work.

It might be helpful for your future me - or others if you write your findings down.

In addition we might think of rephrasing/adding Documentation to prevent such situations in the future.

So, I think the only thing I would suggest would be to have everything configured to use right out of the box for a newbie like myself. I think the only thing that was actually missing was an input created, it took me a while to figure that out…

It seems that by default a node is already created, so it doesn’t seem like a stretch to have inputs created for the default ports that are opened in the docker image for GELF and Syslog UDP/TCP.

Make sense?

I guess that describing what needs to be done is the best solution - as we do not want to make any installation method different from each other.

But i’ll have your suggestion in mind - maybe we will add something like that in the future.

Yea, I think somewhere in the getting started section should be something that helps new folks just get something working.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.