Hi,
I have just installed Graylog and got it all set up and, I think, running correctly (mainly from the Admin-mag article, even if there were some spelling mistakes in some of the code). But it seems that the data is not being processed by the server.
Please forgive me, as I have searched the forums and Google, but nothing jumps out as a solution to my problem. I have enough Linux knowledge to be dangerous, but I am in no way an expert, so I might need a little hand-holding.
What I have done so far:
Graylog running, GELF_UDP input created, added a firewall rule to allow 12201/UDP through (this wasn't mentioned in any of the guides, so I am not too sure if it is required).
Installed nxlog on the Windows box and configured it to send the Windows logs to the Graylog server, and it seems to be sending data.
When I tcpdump on port 12201, I can see the traffic coming in from the Windows box, but nothing is being processed.
13:40:47.929595 IP .63650 > 10.52.10.112.12201: UDP, length 680
13:40:47.929602 IP .63650 > 10.52.10.112.12201: UDP, length 684
13:40:47.930082 IP .63650 > 10.52.10.112.12201: UDP, length 685
Please see below for config files that might be useful.
graylog server.conf (ignore the spaces after the http; this is to get around the link limit in the forum)
is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret =
root_password_sha2 =
plugin_dir = /usr/share/graylog-server/plugin
rest_listen_uri = http ://10.52.10.112:9000/api/
rest_transport_uri = http ://10.52.10.112:9000/api/
web_enable = true
web_listen_uri = http ://10.52.10.112:9000/
nxlog.conf
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Route 1>
    Path in => out
</Route>
Thanks for any help.
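When tcpdump shows datagrams reaching 12201 but the input processes nothing, the usual next step is to check whether the payload is actually GELF (uncompressed JSON, zlib, gzip or chunked) and carries the fields the spec requires. The following is an added example, not code from the original post or from the Graylog or nxlog projects: it builds a GELF 1.1 message the way a GELF sender would, and classifies and decodes a raw datagram so a captured payload can be checked offline. The host name, Event ID and syslog-style sample line are constructed values, and the optional send helper assumes the Graylog address and port given in the post.

```python
"""
Added example (not part of the original forum post or of Graylog/nxlog):
build a GELF 1.1 payload and classify/decode raw UDP datagrams to check
why an input might see traffic but process no messages. All sample data
in this file is constructed.
"""
import gzip
import json
import socket
import zlib

GELF_CHUNK_MAGIC = b"\x1e\x0f"          # marks a chunked GELF datagram
GZIP_MAGIC = b"\x1f\x8b"
REQUIRED_FIELDS = ("version", "host", "short_message")


def build_gelf(host: str, short_message: str, level: int = 6, **extra) -> bytes:
    """Return an uncompressed GELF 1.1 JSON payload.
    Additional fields are prefixed with '_' as the GELF spec requires."""
    msg = {"version": "1.1", "host": host, "short_message": short_message, "level": level}
    for key, value in extra.items():
        msg["_" + key] = value
    return json.dumps(msg).encode("utf-8")


def compress_gelf(payload: bytes, method: str) -> bytes:
    """Wrap a payload the way compressing GELF senders do ('zlib' or 'gzip')."""
    if method == "zlib":
        return zlib.compress(payload)
    if method == "gzip":
        return gzip.compress(payload)
    raise ValueError(f"unknown compression method: {method}")


def classify_datagram(data: bytes) -> str:
    """Identify what kind of payload arrived on the UDP port."""
    if data[:2] == GELF_CHUNK_MAGIC:
        return "gelf-chunk"
    if data[:2] == GZIP_MAGIC:
        return "gzip"
    if data[:1] == b"\x78":             # zlib header byte (deflate, 32K window)
        return "zlib"
    if data[:1] in (b"{", b"["):
        return "json"
    return "unknown"                    # e.g. plain syslog or another format


def parse_chunk_header(data: bytes) -> dict:
    """Parse a GELF chunk header: magic(2) message_id(8) seq(1) count(1) body."""
    if data[:2] != GELF_CHUNK_MAGIC or len(data) < 12:
        raise ValueError("not a GELF chunk")
    return {
        "message_id": data[2:10].hex(),
        "sequence": data[10],
        "count": data[11],
        "body": data[12:],
    }


def decode_gelf(data: bytes) -> dict:
    """Decompress if needed, parse JSON and verify the required GELF fields."""
    kind = classify_datagram(data)
    if kind == "gzip":
        raw = gzip.decompress(data)
    elif kind == "zlib":
        raw = zlib.decompress(data)
    elif kind == "json":
        raw = data
    elif kind == "gelf-chunk":
        raise ValueError("chunked GELF: reassemble all chunks before decoding")
    else:
        raise ValueError("payload is not GELF; the input will drop it")
    msg = json.loads(raw.decode("utf-8"))
    missing = [f for f in REQUIRED_FIELDS if f not in msg]
    if missing:
        raise ValueError(f"GELF message missing required fields: {missing}")
    return msg


def send_gelf(payload: bytes, host: str = "10.52.10.112", port: int = 12201) -> int:
    """Send one datagram to the Graylog GELF UDP input; returns bytes sent.
    Defaults assume the server address and port from the post."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(payload, (host, port))


if __name__ == "__main__":
    # Constructed sample: a Windows logon event as a GELF message.
    sample = build_gelf("winbox", "An account was successfully logged on", 6, EventID=4624)
    for name, datagram in (("json", sample), ("zlib", compress_gelf(sample, "zlib")),
                           ("syslog", b"<14>Jan  1 00:00:00 winbox test")):
        kind = classify_datagram(datagram)
        try:
            decoded = decode_gelf(datagram)
            print(f"{name}: {kind}, host={decoded['host']}")
        except ValueError as err:
            print(f"{name}: {kind}, {err}")
```

Running the file on its own prints the classification of a JSON, a zlib-compressed and a non-GELF sample; a practitioner would feed it the bytes of a captured datagram instead, and a message that decodes cleanly with all three required fields should be accepted by a GELF UDP input.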