I can see my rsyslog client is sending logs to the graylog2 server (docker setup), but I cant seem to see any sign graylog is seeing any logs what so ever. Searching for “ERROR” produces no results.
Firewall rules look ok?
root@ubuntu16-host1:/etc/sysctl.d# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
CATTLE_FORWARD all -- 0.0.0.0/0 0.0.0.0/0
DOCKER-USER all -- 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain CATTLE_FORWARD (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match 0x1068
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match 0x4000
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 172.17.0.5 tcp dpt:12201
ACCEPT tcp -- 0.0.0.0/0 172.17.0.5 tcp dpt:9000
ACCEPT tcp -- 0.0.0.0/0 172.17.0.5 tcp dpt:514
Chain DOCKER-ISOLATION (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
root@ubuntu16-host1:/etc/sysctl.d#
Where do I look next?