I’m running Ubuntu 18.04 as a headless system, so use webmin and ssh to connect to the box. I’ve installed Graylog following the instructions from this site
I’ve managed to get access to it after a bit of searching and making some changes, but I’m now a bit stuck on how to see the messages reported.
I’ve setup my router to send syslog information to my ubuntu box and graylog is showing that messages are being received (not show if these are from my router or ubuntu), but i’m unable to view them.
I’ve think I’ve resolved it, found some other instructions on how to install elastic search along with logstash, filebeats and kidana and perform a check to see it was working.
The issue was that had to set elasticsearch use 0.0.0.0 as setting it to 127.0.0.1 only allowed access from the box running it, not from a remote client, setting it to the ip address of the machine which you were also advised to do, meant that graylog could not connect from a remote client.
Once I got elasticsearch and graylog working I removed kidana, logstash and filebeats as they seem to making the processor run @ 100% constantly.
I did also update the rsyslog settings to use port 5140 as when tried using default 514 in graylog it said failed, but when switched to 5140, graylog started receiving the syslog messages
On Linux, running software on ports <=1024 requires “root” privileges, which a proper Graylog installation does not have. That explains why you had to do this
