Missing Log Source

sec1pps · March 20, 2019, 4:47pm

Dear all,

I have just installed a graylog server and trying to add log sources one by one. By the way, I am a newbie at graylog.

I have configured my firewall (which is a Fortinet device) to send syslogs through 514. I did necessary iptables config on graylog server to direct 514 to 1514 and configured an input at graylog. (I tried both standard syslog and raw/plaintext udp )

When I check with tcpdump, I can see that logs are coming to the server.

However, these logs don’t appear in received messages.

Any ideas or additional config to make this work?

Best regards

jan · March 20, 2019, 10:26pm

if you send a log message from the command line with netcat - did you see that?
did you find something if you search in a time one week in the past to one week in the future?
did you check your graylog server.log or elasticsearch logfile?
did you check your Graylog UI - System > Indices if that displays you documents in the index?

system · April 3, 2019, 10:26pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Troubleshoot why logs are not coming in Graylog Central (peer support)	3	3890	August 14, 2017
Graylog inputs do not seem to be working Graylog Central (peer support)	5	2920	September 7, 2018
No message sources found Graylog Central (peer support)	6	1717	April 5, 2017
Log Cisco Messages Graylog Central (peer support)	20	12371	December 13, 2019
Graylog not showing logs or messages from client Graylog Central (peer support)	7	2200	January 29, 2021

Missing Log Source

Related topics