Missing Log Source

Dear all,

I have just installed a Graylog server and am trying to add log sources one by one. By the way, I am a newbie at Graylog.

I have configured my firewall (which is a Fortinet device) to send syslogs through 514. I did the necessary iptables config on the Graylog server to direct 514 to 1514 and configured an input in Graylog. (I tried both standard syslog and raw/plaintext UDP.)

When I check with tcpdump, I can see that logs are coming to the server.

However, these logs don’t appear in received messages.

Any ideas or additional config to make this work?

Best regards

  • If you send a log message from the command line with netcat, do you see it?
  • Do you find anything if you search a time range from one week in the past to one week in the future?
  • Did you check your Graylog server.log or the Elasticsearch log file?
  • Did you check in your Graylog UI under System > Indices whether it shows documents in the index?
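
The first two checks in the reply can be combined into one test, shown here as an added example that is not part of the original thread: it sends a uniquely marked RFC 3164 message over UDP to both the redirected port (514) and the input port (1514), so a search for each marker over a wide time range shows which path delivers. The hostname, tag, marker format and the placeholder server address are assumptions.

```python
import socket
import sys
import time
import uuid

MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")


def build_rfc3164(text, host="probe-host", tag="graylog-probe",
                  facility=23, severity=6, when=None):
    """Build an RFC 3164 syslog line (facility local7, severity info by default)."""
    pri = facility * 8 + severity
    t = time.localtime(when)
    # RFC 3164 timestamps carry no year or time zone, and single-digit days
    # are space-padded; the receiver has to guess the zone.
    stamp = "%s %2d %02d:%02d:%02d" % (
        MONTHS[t.tm_mon - 1], t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec)
    return ("<%d>%s %s %s: %s" % (pri, stamp, host, tag, text)).encode("ascii")


def probe(server, ports=(514, 1514)):
    """Send one marked message per port; return {port: marker} to search for."""
    sent = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for port in ports:
            # Constructed marker: unique per run and per port
            marker = "probe-%d-%s" % (port, uuid.uuid4().hex[:12])
            sock.sendto(build_rfc3164(marker), (server, port))
            sent[port] = marker
    return sent


if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder; pass the Graylog server address.
    server = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    for port, marker in probe(server).items():
        print("sent to udp/%d, search Graylog for: %s" % (port, marker))
```

Run it from another host: a redirect in the iptables PREROUTING chain does not apply to packets generated on the Graylog server itself. If only the 1514 marker shows up, the input works and the 514 redirect is the part to examine.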

