syed
April 4, 2017, 1:32pm
1
Hi,
I’m new to Graylog and struggling to get it to work. I have created the below file on the server I wish to monitor
/etc/rsyslog.d/90-graylog2.conf
With
$template GRAYLOGRFC5424,"%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msg%\n"
*.* @185.70.xxx.xxx:5140;GRAYLOGRFC5424
*.* @@185.70.xxx.xxx:5514;GRAYLOGRFC5424
and created inputs for both TCP and UDP as below as per instructions
SYSLOG TCP (Syslog TCP) 1 running
Network IO: 0B 0B (total: 1,8MiB 0B ) Show details
Total connections: 1 (1 active) Show details
allow_override_date: true
port: 5140
bind_address: 185.70.xxx.xxx
recv_buffer_size: 1048576
SYSLOG UDP (Syslog UDP) 1 running
Network IO: 0B 0B (total: 1.9MiB 0B ) Show details
allow_override_date: true
port: 5514
bind_address: 185.70.xxx.xxx
recv_buffer_size: 1048576
When I click on sources there is nothing there. IP tables have been turned off on both servers.
Any ideas as to what I’ve missed or not done correctly?
Thanks
jochen
(Jochen)
April 4, 2017, 2:43pm
2
You’ve got it the wrong way round. In the rsyslog configuration, @ means UDP, @@ means TCP.
Please refer to https://github.com/Graylog2/graylog-guide-syslog-linux/blob/master/README.md#rsyslog for the relevant documentation.
syed
April 5, 2017, 7:50am
3
Thanks, I’ve updated this and restarted the syslog service but I’m still not seeing anything?
jochen
(Jochen)
April 5, 2017, 8:21am
4
What did you change exactly and what’s the current configuration of your Graylog syslog inputs and rsyslog?
syed
April 5, 2017, 8:40am
5
Hi,
I just changed the 90-graylog2.conf file in rsyslog.d
$template GRAYLOGRFC5424,"%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msg%\n"
*.* @@185.70.10.253:5140;GRAYLOGRFC5424
*.* @185.70.10.253:5514;GRAYLOGRFC5424
The Graylog inputs are still the same
jochen
(Jochen)
April 5, 2017, 9:59am
6
Please use the RSYSLOG_SyslogProtocol23Format rsyslog template instead of your custom one (as described in https://github.com/Graylog2/graylog-guide-syslog-linux/blob/master/README.md#rsyslog ) and make sure that your machine running rsyslog is able to connect to the Graylog syslog inputs you’ve configured.
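A small checker for the mismatch diagnosed in this thread, added here as an example and not part of the original posts or of the Graylog or rsyslog projects: it parses legacy-syntax forwarding rules, maps @ to UDP and @@ to TCP, and compares each rule with the protocol and port of the configured inputs. The function names, the 192.0.2.10 address and both sample configurations are constructed for illustration; only the legacy `@`/`@@` syntax used in the thread is handled.

```python
import re

# Legacy rsyslog forwarding action: "<selector> @host:port[;template]" is UDP,
# "<selector> @@host:port[;template]" is TCP.
FORWARD = re.compile(r"^\s*(\S+)\s+(@{1,2})([^@:;\s]+):(\d+)(?:;(\S+))?\s*$")
ADVISED = "RSYSLOG_SyslogProtocol23Format"  # built-in template named in the thread

def parse_forwards(conf_text):
    """Return (protocol, host, port, template) for each forwarding rule."""
    rules = []
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", "$")):  # comments, legacy directives
            continue
        m = FORWARD.match(line)
        if m:
            proto = "tcp" if m.group(2) == "@@" else "udp"
            rules.append((proto, m.group(3), int(m.group(4)), m.group(5)))
    return rules

def check(conf_text, inputs):
    """inputs: set of (protocol, port) pairs the Graylog inputs listen on."""
    findings = []
    for proto, host, port, template in parse_forwards(conf_text):
        if (proto, port) not in inputs:
            listening = sorted(p for p, n in inputs if n == port)
            hint = f"; port {port} is a {'/'.join(listening)} input" if listening else ""
            findings.append(f"{proto} to {host}:{port} has no matching input{hint}")
        if template != ADVISED:
            findings.append(f"{host}:{port} uses template {template}, not {ADVISED}")
    return findings

# Constructed samples mirroring the thread: TCP input on 5140, UDP input on 5514.
# 192.0.2.10 is a documentation address standing in for the Graylog server.
INPUTS = {("tcp", 5140), ("udp", 5514)}
BROKEN = """\
$template GRAYLOGRFC5424,"%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msg%\\n"
*.* @192.0.2.10:5140;GRAYLOGRFC5424
*.* @@192.0.2.10:5514;GRAYLOGRFC5424
"""
FIXED = """\
*.* @@192.0.2.10:5140;RSYSLOG_SyslogProtocol23Format
*.* @192.0.2.10:5514;RSYSLOG_SyslogProtocol23Format
"""

if __name__ == "__main__":
    for finding in check(BROKEN, INPUTS):
        print("WARN", finding)
```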
syed
April 5, 2017, 2:54pm
7
Hi,
Thanks, it’s working now.
I’m having some issues setting up the dashboard. The bar charts don’t seem to work; a refresh icon in the middle of the placeholder flashes periodically.
I’m also unable to get a pie chart to display. I have selected quick values from the messages sidebar, but all I get is a table with the percentage and count.