No messages at all


(Roland Käser) #1

I have just installed a new plain graylog server on CentOS 7.4 (selinux and firewall disabled) based on the documentation here: http://docs.graylog.org/en/2.4/pages/installation/os/centos.html

I configured a plaintext input to send syslogs by test to create the correct extractor.

  • With tcpdump I can see incoming messages,
  • I see the messages in the messagejournal log
  • The Default Index (System/Indices) set says: 1 Index 12,657 documents, 6.1MB
  • The input shows incoming messages

But when I click in the Inputs on the input to Show received messages, it lasts forever and shows nothing!!!
When I click on “Manage extractors”/“Getting started”/“Load Message”
I get only the error: Input did not return a recent message.
When I search all messages with star (enabled wildcard search in server.conf), nothing is returned.

Nothing in the logs. No error, or anything else. Based on the logs everything should be fine!

WHERE ARE ALL THESE MESSAGES!!!
Sorry, but I’m quite angry.
I had hoped that Graylog is a professional product which works out of the box as expected, but I spent the last hours in troubleshooting, although I had to do something completely different.


(Edmundo) #2

Hi Roland,

I would start by checking the date and time on both the Graylog server and the server sending messages to Graylog, since wrong times may sometimes set “wrong” timestamps either in the past or future that may not show up in searches. You could also try looking for those messages by using an absolute timerange and being quite generous with both from and to time ranges.

In case that doesn’t help, please share with us example messages you are sending to Graylog, as well as Graylog and ES logs that appear while those messages are being sent to the server. In that way we have more information to be able to help with the issue you are experiencing.

Cheers,
Edmundo


(Roland Käser) #3

Hello
Time is correct. All systems synchronize against the same ntp server.
Also checked time zones. All CET (Europe/Zurich)


(Roland Käser) #4

Also tried absolute time range from 1.1.2010 to 1.1.2020
No result.

The message I get (tcpdump) is (one sample):

<134>Mar 23 14:51:58 filterlog: 61,0,em1,match,pass,out,4,0x0,64,0,0,DF,6,tcp,60,192.168.200.108,192.168.200.120,55544,10051,0,S,2185290946,65228,mss;nop;wscale;sackOK;TS
14:52:00.304608 IP vm-tbk-fw-06.tbk.local.syslog > vm-tbk-log-01.tbk.ch.personal-agent: SYSLOG local0.info, length: 175


(Roland Käser) #5

Opened the browser console and got the following JavaScript error when going to System/Inputs and clicking on show received inputs:

[Sorry, I would like to give you the trace but Your system says: New Users are allowed only to send two Links in a post], and uploading a text file is also not allowed!


(Roland Käser) #6

Below is the Graylog server log for running about 10 min. Tried to open received messages from an input, tried to search with an absolute time frame:

I would like to attach or paste the log file but AGAIN YOUR SYSTEM SAYS:

Sorry, new users can only mention 2 users in a post.
Sorry, new users can only put 2 links in a post.

How should I provide any logs or traces?


(Jochen) #7

(Jochen) #8

There’s no timezone information in this message timestamp, so Graylog will assume it’s in UTC.
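To make the point concrete, here is an added example (not code from the thread or from Graylog) that parses the RFC 3164 line posted in #4 and shows what happens when a receiver assumes UTC for a timestamp that the sender wrote in local time. The year and the sender zone are assumptions: the line carries neither, so the year is passed in, and CET is modelled as a fixed UTC+1 offset without DST handling. The parser is a minimal illustration, not Graylog's own syslog codec.

```python
import re
from datetime import datetime, timedelta, timezone

# Payload copied from the tcpdump sample in post #4 (constructed test input).
SAMPLE = (
    "<134>Mar 23 14:51:58 filterlog: 61,0,em1,match,pass,out,4,0x0,64,0,0,DF,6,tcp,60,"
    "192.168.200.108,192.168.200.120,55544,10051,0,S,2185290946,65228,mss;nop;wscale;sackOK;TS"
)

# RFC 3164 header: "<PRI>Mmm dd hh:mm:ss TAG: MSG" -- there is no year and no zone.
_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<tag>\S+?):? (?P<msg>.*)$"
)

# Assumed sender zone: CET as a fixed UTC+1 offset (no DST), an assumption for the example.
CET = timezone(timedelta(hours=1))


def parse_rfc3164(line, year, assumed_tz=timezone.utc):
    """Parse one RFC 3164 line. `year` and `assumed_tz` must be supplied by the
    receiver because the wire format carries neither; UTC is the default, which is
    what post #8 says Graylog does when no zone is present."""
    m = _HEADER.match(line)
    if not m:
        raise ValueError("not an RFC 3164 syslog line")
    facility, severity = divmod(int(m.group("pri")), 8)  # PRI = facility*8 + severity
    naive = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {
        "facility": facility,          # 16 == local0, matching tcpdump's "local0.info"
        "severity": severity,          # 6 == info
        "tag": m.group("tag"),
        "timestamp": naive.replace(tzinfo=assumed_tz),
        "message": m.group("msg"),
    }


def receiver_skew(parsed, sender_tz):
    """Seconds by which the stored timestamp is ahead of the real event time when
    the sender's clock ran in `sender_tz` but the receiver assumed a different zone.
    A positive value means the message is stored 'in the future'."""
    stored = parsed["timestamp"]
    actual = stored.replace(tzinfo=sender_tz)
    return int((stored - actual).total_seconds())


def visible_in_relative_search(parsed, sender_tz, now_utc, window_minutes):
    """True if a 'last N minutes' search run at `now_utc` (the moment the message
    actually arrived) would include the stored timestamp."""
    lower = now_utc - timedelta(minutes=window_minutes)
    return lower <= parsed["timestamp"] <= now_utc


if __name__ == "__main__":
    # 2018 is an arbitrary, constructed year; the line itself has none.
    p = parse_rfc3164(SAMPLE, 2018)
    print(p["facility"], p["severity"], p["timestamp"].isoformat())
    print("skew if sender was CET:", receiver_skew(p, CET), "seconds")
    arrived = datetime(2018, 3, 23, 13, 52, 0, tzinfo=timezone.utc)  # 14:52 CET
    print("found by 'last 5 minutes':", visible_in_relative_search(p, CET, arrived, 5))
```

With the receiver assuming UTC, the message written at 14:51:58 CET is stored as 14:51:58 UTC, one hour ahead of when it really happened, so a relative search covering the last few minutes will not return it even though it was indexed. Passing `assumed_tz=CET` to `parse_rfc3164` removes the skew, which is the effect of configuring the input's timezone to match the sender.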


(Roland Käser) #9

Just tried it with the ovf appliance. Same result.
I think I will stop this experiment here. It doesn't seem to make sense to spend another lot of time just to get it initially running.


(system) #10

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.