Mikrotik logs TCP problem

First off, Google Translate to the rescue: Good day! I understand that this is inconvenient, but the forum rules say that we must write in English.

Right… I will try to summarize:

  • You have two Syslog-type inputs defined, one TCP, one UDP.
  • The Mikrotik boxen are configured to send their syslogs to either of these.
  • The MT logs arrive correctly at the UDP one, not at the TCP one.

This will come down to basic troubleshooting again… Unfortunately your screenshot does not show the config of both inputs, so we can’t easily compare them. So… basics, basics, basics…

  1. Configure one of your MT boxen to send TCP syslogs to the Graylog host, port 30000.
  2. On the Graylog host, use netstat to verify that the input is listening on 30000.
  3. On the Graylog host, check the firewall to see that the port is open for TCP.
  4. On the MT, test if you can connect to port 30000 on the Graylog host.
  5. Heck, pick another Linux host and try to send random data to the Graylog host, port 30000, using netcat.
  6. If log data is not arriving from the MT, run a Wireshark to see whether you even see network traffic going from the MT to Graylog.

And so on…

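The connectivity checks in steps 4 and 5 can also be run from any host that has Python but no netcat. This is an added example, not part of the original post: `graylog.example.net` and the function names are placeholders, and it assumes the TCP input splits messages on newline.

```python
import socket
from datetime import datetime

MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")


def build_syslog_line(host, tag, msg, facility=1, severity=6, now=None):
    """Build a BSD-syslog (RFC 3164) line: <PRI>Mmm dd HH:MM:SS host tag: msg"""
    now = now or datetime.now()
    pri = facility * 8 + severity          # user.info -> 14
    stamp = f"{MONTHS[now.month - 1]} {now.day:2d} {now:%H:%M:%S}"
    return f"<{pri}>{stamp} {host} {tag}: {msg}"


def probe_tcp_syslog(server, port, line, timeout=3.0):
    """Try to deliver one syslog line over TCP and classify the outcome."""
    try:
        with socket.create_connection((server, port), timeout=timeout) as sock:
            # Assumption: the TCP input splits messages on newline.
            sock.sendall(line.encode("utf-8") + b"\n")
        return "sent"
    except ConnectionRefusedError:
        return "refused"       # host answered, but the port is closed or rejected
    except socket.timeout:
        return "timeout"       # no answer at all: packets dropped on the way
    except OSError:
        return "unreachable"   # name resolution failure, no route, or similar


HINTS = {
    "sent": "TCP path works; if nothing shows up, compare the input's settings.",
    "refused": "Nothing accepts TCP on that port; check netstat and the firewall.",
    "timeout": "Packets are dropped; check firewalls and capture the traffic.",
    "unreachable": "Name resolution or routing failed before TCP was tried.",
}

if __name__ == "__main__":
    # Placeholder host; port 30000 is the one used in the steps above.
    result = probe_tcp_syslog("graylog.example.net", 30000,
                              build_syslog_line("probe-host", "tcp-test", "hello"))
    print(result, "-", HINTS[result])
```

A result of `sent` only proves the TCP handshake and write succeeded; whether the message was parsed still has to be confirmed on the Graylog side.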