Logs are not displaying on Graylog UI (with Serilog)

1. Describe your incident:
I am new to Graylog and trying to integrate Graylog with Serilog in my back-end app. The Graylog server is on another machine and runs on 10.0.6.55. The UDP port is 1514. I’ve done the configuration but logs are not displaying.

2. Describe your environment:

  • OS Information: Windows 10

3. What steps have you already taken to try and solve the problem?

Here’s my appsettings.json:

  "Serilog": {
    "Using": [ "Serilog.Sinks.Graylog" ],
    "MinimumLevel": "Information",
    "WriteTo": [
      {
        "Name": "Graylog",
        "Args": {
          "hostnameOrAddress": "10.0.5.57",
          "port": "1514",
          "transportType": "Udp"
        }
      }
    ],
    "Properties": {
      "Application": "Centralized logging application"
    }
  }

Logger configuration part:

Log.Logger = new LoggerConfiguration().
    ReadFrom.Configuration(builder.Configuration).
    Enrich.FromLogContext().
    CreateLogger();

builder.Logging.ClearProviders();
builder.Logging.AddSerilog(Log.Logger);

And here is Graylog UDP Input:

TestUDP - GELF UDP -  (64b0f801248649515c3f7d0b) -  RUNNING
On node  8521730c / graylog
bind_address: 0.0.0.0
charset_name: UTF-8
decompress_size_limit: 8388608
number_worker_threads: 8
override_source: <empty>
port: 1514
recv_buffer_size: 262144

What am I missing? I

Any help would be really appreciated.

Well, looking at the whole picture, the problem could be happening at the source, at Graylog, or somewhere in between. First, you need to confirm that the logs are arriving at the Graylog node’s interface. I would look at tcpdump on Graylog’s network interface to see if the traffic is arriving.

If not, you should determine first if the operating system is filtering the traffic via iptables or similar. If not, you need to determine if there is anything between the source and Graylog that might filter out the traffic. ACLs or firewall rules, for example.

Finally, you need to verify that the logs are actually being produced at the source. You might try adding an output to a flat file just to test if the logs are being created as expected.

If they are making it to Graylog, you can check for processing errors on the System/Overview page, and you can check server.log for any parsing errors that might cause messages to be dropped.

Try all that and report back.
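
To tell the three cases in the reply above apart (source, network path, Graylog), a hand-built GELF message can be sent to the UDP input while tcpdump runs on the Graylog node. This is an added example, not code from the thread, Serilog or Graylog; the function names and the `application` extra field are assumptions, and it sends a single unchunked, gzip-compressed GELF 1.1 datagram.

```python
import gzip
import json
import socket
import sys
import time
import zlib

def build_gelf(short_message, host, level=6, compress=True, **extra):
    """Return one unchunked GELF 1.1 datagram as bytes."""
    msg = {"version": "1.1", "host": host, "short_message": short_message,
           "timestamp": time.time(), "level": level}  # level 6 = informational
    # GELF additional fields carry a "_" prefix; "_id" is reserved.
    for key, value in extra.items():
        if key == "id":
            raise ValueError("_id is not allowed as an additional field")
        msg["_" + key] = value
    raw = json.dumps(msg).encode("utf-8")
    return gzip.compress(raw) if compress else raw

def decode_gelf(datagram):
    """Decode a captured datagram by its magic bytes, as a receiver would."""
    if datagram[:2] == b"\x1e\x0f":
        raise ValueError("chunked GELF: reassemble the chunks before decoding")
    if datagram[:2] == b"\x1f\x8b":      # gzip
        datagram = gzip.decompress(datagram)
    elif datagram[:1] == b"\x78":        # zlib
        datagram = zlib.decompress(datagram)
    return json.loads(datagram.decode("utf-8"))

def send_probe(target_host, target_port, text="gelf udp probe"):
    """Send one probe message; returns the number of bytes handed to the OS."""
    payload = build_gelf(text, socket.gethostname(), application="probe")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        # UDP gives no delivery feedback: success here only means "sent".
        return sock.sendto(payload, (target_host, target_port))

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: gelf_probe.py <graylog-address> <udp-port>")
    sent = send_probe(sys.argv[1], int(sys.argv[2]))
    print(f"sent {sent} bytes to {sys.argv[1]}:{sys.argv[2]}")
```

Run it from the application host against the address and port the sink is configured with (the script name `gelf_probe.py` is hypothetical). If the probe shows up in Graylog but the application's logs do not, the network path and the input are fine and the problem is on the Serilog side.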
