Logs are not displaying on Graylog UI (with Serilog)

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident:
I am new to Graylog and trying to integrate Graylog with Serilog in my back-end app. Graylog server is on another machine and runs on Udp port is 1514. I’ve did the configurations but logs are not displaying.

2. Describe your environment:

  • OS Information: Windows 10

3. What steps have you already taken to try and solve the problem?

Here’s my appsettings.json:

"Serilog": {
    "Using": [ "Serilog.Sinks.Graylog" ],
    "MinimumLevel": "Information",
    "WriteTo": [
        "Name": "Graylog",
        "Args": {
          "hostnameOrAddress": "",
          "port": "1514",
          "transportType": "Udp"
    "Properties": {
      "Application": "Centralized logging application"

Logger configuration part:

Log.Logger = new LoggerConfiguration().


And here is Graylog UDP Input:

TestUDP - GELF UDP -  (64b0f801248649515c3f7d0b) -  RUNNING
On node  8521730c / graylog
charset_name: UTF-8
decompress_size_limit: 8388608
number_worker_threads: 8
override_source: <empty>
port: 1514
recv_buffer_size: 262144

What am I missing? I

Any help would be really appreciated.

Well, looking at the whole picture, the problem could be happening at the source, at Graylog, or somewhere in between. First, you need to confirm that the logs are arriving at the Graylog node’s interface. I would look at tcpdump on Graylog’s network interface to see if the traffic is arriving.

If not, you should determine first if the Operating system is filtering the traffic via iptables or similar. If not, you need to determing if there is anything between the source and Graylog that might filter out the traffic. ACL’s or firewall rules, for example.

Finally, you need to verify that the logs are actually being produced at the source. You might try adding an output to a flat file just to test if the logs are being created as expected.

If they are making it to Graylog, you can check for processing errors on the System/Overview page, and you can check server.log for any parsing errors that might cause messages to be dropped.

Try all that and report back.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.