New install graylog/datanode/server/mongodb

Graylog Central (peer support)
1

Ubuntu server 22.04
new install 6.2.2
Mongo DB
Graylog Datanode

Im sending syslogs udp to 5140 (default port?) and seeing them in tcpdump:
01:47:14.531766 IP 10.10.3.1.9757 > GRAYLOG.nelsonlab.local.5140: UDP, length 725
01:47:14.531772 IP 10.10.3.1.9757 > GRAYLOG.nelsonlab.local.5140: UDP, length 893
01:47:14.614422 IP 10.10.3.1.9757 > GRAYLOG.nelsonlab.local.5140: UDP, length 453
01:47:17.710432 IP 10.10.3.1.9757 > GRAYLOG.nelsonlab.local.5140: UDP, length 730
01:47:18.749557 IP 10.10.3.1.9757 > GRAYLOG.nelsonlab.local.5140: UDP, length 462
01:47:19.865927 IP 10.10.3.1.9757 > GRAYLOG.nelsonlab.local.5140: UDP, length 704
01:47:19.866992 IP 10.10.3.1.9757 > GRAYLOG.nelsonlab.local.5140: UDP, length 640
01:47:19.867065 IP 10.10.3.1.9757 > GRAYLOG.nelsonlab.local.5140: UDP, length 464
01:47:20.601560 IP 10.10.3.1.9757 > GRAYLOG.nelsonlab.local.5140: UDP, length 456
01:47:21.720833 IP 10.10.3.1.9757 > GRAYLOG.nelsonlab.local.5140: UDP, length 795
01:47:23.720066 IP 10.10.3.1.9757 > GRAYLOG.nelsonlab.local.5140: UDP, length 704

created 1 input with port 5140 syslog udp

image
image1173×449 20.1 KB

all 3 services are running:
nelson@GRAYLOG:~$ sudo systemctl status graylog-server.service graylog-datanode.service mongod.service

  • graylog-server.service - Graylog server
    Loaded: loaded (/lib/systemd/system/graylog-server.service; enabled; vendor preset: enabled)
    Active: active (running) since Mon 2025-06-02 01:23:25 UTC; 30min ago
    Docs: http://docs.graylog.org/
    Main PID: 3632 (graylog-server)
    Tasks: 254 (limit: 154544)
    Memory: 1.3G
    CPU: 5min 45.744s
    CGroup: /system.slice/graylog-server.service
    |-3632 /bin/sh /usr/share/graylog-server/bin/graylog-server
    `-3633 /usr/share/graylog-server/jvm/bin/java -Xms2g -Xmx2g -server -XX:+UseG1GC -XX:-OmitStackTraceInFastThrow -Djdk.tls.acknowledgeCloseN>

Jun 02 01:23:25 GRAYLOG systemd[1]: Stopped Graylog server.
Jun 02 01:23:25 GRAYLOG systemd[1]: graylog-server.service: Consumed 6min 24.700s CPU time.
Jun 02 01:23:25 GRAYLOG systemd[1]: Started Graylog server.

  • graylog-datanode.service - Graylog data node
    Loaded: loaded (/lib/systemd/system/graylog-datanode.service; enabled; vendor preset: enabled)
    Active: active (running) since Mon 2025-06-02 01:21:14 UTC; 32min ago
    Docs: http://docs.graylog.org/
    Main PID: 2880 (java)
    Tasks: 136 (limit: 154544)
    Memory: 2.3G
    CPU: 7min 8.905s
    CGroup: /system.slice/graylog-datanode.service
    |-2880 /usr/share/graylog-datanode/jvm/bin/java -Dlog4j.configurationFile=file:///etc/graylog/datanode/log4j2.xml -Xms1g -Xmx1g -XX:+UseG1G>
    `-3303 /usr/share/graylog-datanode/dist/opensearch-2.15.0-linux-x64/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dop>

Jun 02 01:21:14 GRAYLOG systemd[1]: Started Graylog data node.

  • mongod.service - MongoDB Database Server
    Loaded: loaded (/lib/systemd/system/mongod.service; enabled; vendor preset: enabled)
    Active: active (running) since Mon 2025-06-02 00:43:06 UTC; 1h 10min ago

I’ve been troubleshooting this for hours and googling and cant seem to figure it out. Probably a very stupid newbie thing, but ya, i am a newbie sorry. I just cant get this to log…

Thanks for any help

2

In your screenshot, the input is not running - it is still in setup mode.
Click “set-up input” to finish setting up.

4

damn… was right in front of my face and I still didn’t get it. I must be getting old or need to adjust my glaces… Thanks

5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.