New Remote Server Doesn't send rsyslog to established Graylog Server

I have several servers that send rsyslog and apache data to a Graylog server. I recently launched a server to learn about mail servers using Mail-In-A-Box using a Digital Ocean droplet.

On all my servers I have a .conf file in my rsyslog.d folder with the following entry:
*.* @XXX.XXX.XXX.XXX:1514;RSYSLOG_SyslogProtocol23Format

This works and my Graylog server is getting all the logs that I need. However, my new server running Ubuntu Server 18.04.05 with all updated packages isn’t sending those logs.

I’ve ensured that port 1514 UDP and TCP are open on both servers. I’ve also used grep on both my journalctl and syslog for the IP address and I just don’t see anything.

I just can’t figure out why this new server isn’t sending in the logs and I’m a little fuzzy on how to troubleshoot beyond what I have above. Any ideas?

Hi, cinemafunk

Check again and make sure the operating system firewall is configured correctly:
$ ps aux | grep syslog   # is it enabled?
$ sudo tcpdump -i eth0 host <IP ADDR> and udp port 1514   # check traffic
$ sudo netstat -peanut | grep ":1514"   # open port
$ logger test -n <IP ADDR> -P 1514   # create a log for testing
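
The tcpdump check above filters on `udp port 1514`, which matches the rule in the question because a single `@` in a legacy rsyslog action means UDP, while `@@` means TCP. As an added example that is not part of the original posts, the script below parses forwarding rules and prints the matching capture filter, so the firewall rule and the capture are checked for the protocol the client actually uses. The function names, sample rules and the hosts 192.0.2.10 and logs.example.net are constructed for illustration.

```shell
#!/bin/sh
# Added example: map legacy rsyslog forwarding rules to the tcpdump filter
# that should show their traffic. Assumes plain "@host[:port][;template]"
# actions; bracketed IPv6 hosts and "@(opts)host" forms are not handled.

# Print "proto host port template" for a forwarding rule, else return 1.
parse_forward_rule() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ || /^[ \t]*$/ { exit 1 }        # comment or blank line
        {
            action = $NF                            # action is the last field
            if (NF < 2 || action !~ /^@/) exit 1    # not a remote-forward action
            proto = "udp"                           # single @ means UDP
            if (action ~ /^@@/) proto = "tcp"       # double @@ means TCP
            sub(/^@+/, "", action)
            tmpl = "-"; port = 514                  # defaults: no template, port 514
            i = index(action, ";")
            if (i > 0) { tmpl = substr(action, i + 1); action = substr(action, 1, i - 1) }
            i = index(action, ":")
            if (i > 0) { port = substr(action, i + 1); action = substr(action, 1, i - 1) }
            print proto, action, port, tmpl
        }'
}

# Print the tcpdump filter expression for a forwarding rule, else return 1.
capture_filter() {
    parsed=$(parse_forward_rule "$1") || return 1
    set -- $parsed                                  # proto host port template
    printf 'host %s and %s port %s\n' "$2" "$1" "$3"
}

# Constructed sample rules (documentation addresses, not from the thread).
sample_rules='*.* @192.0.2.10:1514;RSYSLOG_SyslogProtocol23Format
# *.* @@192.0.2.10:1514
auth.* @@logs.example.net
*.* /var/log/all.log'

printf '%s\n' "$sample_rules" | while IFS= read -r rule; do
    if filter=$(capture_filter "$rule"); then
        printf '%s\n    tcpdump filter: %s\n' "$rule" "$filter"
    fi
done
```

Lines that are commented out or that write to a local file produce no filter, which makes a disabled forwarding rule easy to spot.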

I cleared out all my firewall rules and re-established them. That seemed to do the trick.

Did you check the logs of the Graylog server?
tail -f /var/log/graylog-server/server.log
Please send some of them.
