Not receiving TCP messages

1. Describe your incident:
Input Syslog TCP on port 1514 is not receiving messages in Graylog, but I can see traffic when I run “sudo tcpdump -i any -v port 1514”

2. Describe your environment:

  • OS Information: Ubuntu 20.04

  • Package Version: Graylog v. 4.2.9

  • Service logs, configurations, and environment variables:
    All standard. Elasticsearch, MongoDB, Graylog, etc. All services are running with no errors.

3. What steps have you already taken to try and solve the problem?
- Re-creating the input
- Sending logs from more devices

4. How can the community help?
Hi all. New to Graylog and the community, please help me troubleshoot why I am not receiving TCP logs on port 1514 from Input Syslog TCP (Syslog UDP is fine, I am receiving messages in the Graylog platform).

Hello && Welcome @holiveir

I might be able to help. This could be a couple of different solutions.

We would need to know the following:

  • Show the configuration on the input used.

  • Date/Time are correct. Located under System/Overview → Time configuration

  • What do you see in the log files that may pertain to this issue (i.e. Elasticsearch, MongoDB, Graylog, etc…)

  • Have you tried a different type of input, for example Syslog UDP?

  • Is this a fresh install?

  • Are there any extractors or pipelines running on this INPUT?

Hi @gsmith, it was the Date/Time that was not in sync between user, system and web browser. I receive logs normally now. Thanks for your input, it helped me to do some more specific research and troubleshooting.

Hello,

It happens, glad I could help. If you could mark this as resolved for future searches that would be great.
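
An added example, not part of the original posts and not Graylog code: one way a time mismatch like the one that resolved this thread can hide messages that tcpdump shows arriving. It assumes the sender stamps RFC 3164 lines in local time (UTC+2 here), the receiver interprets them with an assumed offset, and the search covers the last 5 minutes; the host name `fw01`, the sample line and the times are constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: an RFC 3164 line from a hypothetical host "fw01" whose
# clock shows local time in UTC+2, and the moment the receiver got it (UTC).
SAMPLE_LINE = "<134>May 10 16:00:00 fw01 sshd[812]: session opened for user admin"
RECEIVED_AT = datetime(2022, 5, 10, 14, 0, 5, tzinfo=timezone.utc)


def event_time_utc(line, received_at, assumed_offset_hours):
    """UTC time a receiver assigns to an RFC 3164 line.

    The "Mmm dd hh:mm:ss" stamp has no year and no timezone, so the receiver
    must assume both; the assumed offset is the knob that goes wrong.
    """
    stamp = line[line.index(">") + 1:][:15]      # text after <PRI>
    naive = datetime.strptime(f"{received_at.year} {stamp}", "%Y %b %d %H:%M:%S")
    assumed_tz = timezone(timedelta(hours=assumed_offset_hours))
    return naive.replace(tzinfo=assumed_tz).astimezone(timezone.utc)


def diagnose(line, received_at, assumed_offset_hours, window=timedelta(minutes=5)):
    """Report clock skew and whether a 'last N minutes' search would show it."""
    event = event_time_utc(line, received_at, assumed_offset_hours)
    skew = int((event - received_at).total_seconds())
    # A message stamped in the future (or too far in the past) falls outside
    # the relative search window even though it was received and stored.
    visible = received_at - window <= event <= received_at
    return {"event_utc": event.isoformat(), "skew_seconds": skew, "visible": visible}


if __name__ == "__main__":
    for offset in (0, 2):
        print(f"assumed UTC{offset:+d}:", diagnose(SAMPLE_LINE, RECEIVED_AT, offset))
```

With the wrong assumed offset the message lands almost two hours in the future, so a relative search returns nothing; widening the search to an absolute range that includes future timestamps is a quick way to confirm this case.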