No Input Messages

ace · June 12, 2017, 8:16pm

Hello,

I just installed Graylog2 and its dependencies in one VM (Centos 7). It appears to be working fine, but I’m not seeing any input messages. I’ve configured two devices to send to the Graylog server and I’m seeing traffic coming from both of them via tcpdump. Not sure what I’m missing. Any ideas of where I should be looking to resolve this?

Thanks,

Allan

jochen · June 12, 2017, 8:45pm

How did you install Graylog?
How did you configure Graylog?
How did you configure the inputs in Graylog?
What’s in the logs of your Graylog node?

ace · June 12, 2017, 10:33pm

Hello,

How did you install Graylog?
I followed the Graylog Centos installation guide at http://docs.graylog.org/en/2.2/pages/installation/os/centos.html.

How did you configure Graylog?
I followed the steps on how to configure graylog guide at http://docs.graylog.org/en/2.2/pages/configuration.html.

How did I configure the inputs in Graylog?
For the Sonicwall device I went to the Graylog Marketplace and downloaded the Sonicwall Content and imported the content from Graylog Inputs menu. For the Dell switch I configured Raw/Plaintext UDP input and for the linux server syslog UDP as the input.

As far as error logs, no errors under /var/log/graylog-server/server.log after I fixed a few errors the day before, but nothing new today.

However under /var/log/elasticsearch/graylog.log, this is what I’m seeing:

[2017-06-12 13:40:55,263][INFO ][cluster.service ] [Flash Thompson] removed {{graylog-344afc92-af09-41a0-b6dd-1a3029c2c4db}{Q00b8wNqRGaUeMaZRyT2DQ}{127.0.0.1}{127.0.0.1:9350}{client=true, data=false, master=false},}, reason: zen-disco-node-left({graylog-344afc92-af09-41a0-b6dd-1a3029c2c4db}{Q00b8wNqRGaUeMaZRyT2DQ}{127.0.0.1}{127.0.0.1:9350}{client=true, data=false, master=false}), reason(left)
[2017-06-12 13:59:33,470][INFO ][cluster.service ] [Flash Thompson] added {{graylog-344afc92-af09-41a0-b6dd-1a3029c2c4db}{IS1r4pAGS2aow6VWnKk5-A}{127.0.0.1}{127.0.0.1:9350}{client=true, data=false, master=false},}, reason: zen-disco-join(join from node[{graylog-344afc92-af09-41a0-b6dd-1a3029c2c4db}{IS1r4pAGS2aow6VWnKk5-A}{127.0.0.1}{127.0.0.1:9350}{client=true, data=false, master=false}])
[2017-06-12 14:06:14,082][INFO ][cluster.service ] [Flash Thompson] removed {{graylog-344afc92-af09-41a0-b6dd-1a3029c2c4db}{IS1r4pAGS2aow6VWnKk5-A}{127.0.0.1}{127.0.0.1:9350}{client=true, data=false, master=false},}, reason: zen-disco-node-left({graylog-344afc92-af09-41a0-b6dd-1a3029c2c4db}{IS1r4pAGS2aow6VWnKk5-A}{127.0.0.1}{127.0.0.1:9350}{client=true, data=false, master=false}), reason(left)
[2017-06-12 14:06:31,337][INFO ][cluster.service ] [Flash Thompson] added {{graylog-344afc92-af09-41a0-b6dd-1a3029c2c4db}{cTve8GMJSMyZyHR_4zPNVQ}{127.0.0.1}{127.0.0.1:9350}{client=true, data=false, master=false},}, reason: zen-disco-join(join from node[{graylog-344afc92-af09-41a0-b6dd-1a3029c2c4db}{cTve8GMJSMyZyHR_4zPNVQ}{127.0.0.1}{127.0.0.1:9350}{client=true, data=false, master=false}])
[2017-06-12 14:16:37,650][INFO ][cluster.service ] [Flash Thompson] removed {{graylog-344afc92-af09-41a0-b6dd-1a3029c2c4db}{cTve8GMJSMyZyHR_4zPNVQ}{127.0.0.1}{127.0.0.1:9350}{client=true, data=false, master=false},}, reason: zen-disco-node-left({graylog-344afc92-af09-41a0-b6dd-1a3029c2c4db}{cTve8GMJSMyZyHR_4zPNVQ}{127.0.0.1}{127.0.0.1:9350}{client=true, data=false, master=false}), reason(left)
[2017-06-12 14:19:07,778][INFO ][cluster.service ] [Flash Thompson] added {{graylog-344afc92-af09-41a0-b6dd-1a3029c2c4db344afc92-af09-41a0-b6dd-1a3029c2c4db}{BT-UGEa-Sa2kojzt0Q3HgQ}{127.0.0.1}{127.0.0.1:9350}{client=true, data=false, master=false},}, reason: zen-disco-join(join from node[{graylog-344afc92-af09-41a0-b6dd-1a3029c2c4db344afc92-af09-41a0-b6dd-1a3029c2c4db}{BT-UGEa-Sa2kojzt0Q3HgQ}{127.0.0.1}{127.0.0.1:9350}{client=true, data=false, master=false}])

Thanks!

jochen · June 13, 2017, 7:01am

But what’s your specific configuration? I know the documentation, but you might have made some mistakes.

Can you manually send messages to this input, e. g. using netcat (nc)?

Please post the complete configuration of Graylog and the inputs you’ve created.

ace · June 13, 2017, 10:42pm

Thanks for helping me with this Jochen. I figured it out and it was something minor. I doubled checked the IPs for each input and saw that they were set to 127.0.0.1. I changed it to the actual IP address of the Graylog server and now I’m able see the messages.

system · June 27, 2017, 10:43pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
UDP inputs not working Graylog Central (peer support)	3	7644	January 3, 2019
New install, failing (invisible) input Graylog Central (peer support)	10	2369	September 27, 2017
No messages at all Graylog Central (peer support)	9	7258	April 6, 2018
New Graylog Install - Inputs Not Generating Any Messages Graylog Central (peer support)	7	2573	January 2, 2018
RSYSLOG UDP works but not SYSLOG TCP Graylog Central (peer support)	9	12211	October 6, 2017

No Input Messages

Related topics