Not receiving TCP messages

Graylog Central (peer support)
#1

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident:
Input Syslog TCP on port 1514 not receiving messages on graylog, but I can see traffic when I run “sudo tcpdump -i any -v port 1514”

2. Describe your environment:

  • OS Information: Ubuntu 20.04

  • Package Version:graylog v. 4.2.9

  • Service logs, configurations, and environment variables:
    All standard. Elastic search, mongo, graylog, etc. all services running with no errors.

3. What steps have you already taken to try and solve the problem?
-re-creating the input
-sending logs from more devices

4. How can the community help?
Hi all. New to graylog and the community, please help me troubleshot why I am not receiving TCP logs in port 1514 from Input Syslog TCP (Syslog UDP is fine, I am receiving messages in graylog platform).

Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]

TCP Messages not showing on GL despite connection is OK
#2

Hello && Welcome @holiveir

I might be able to help. This could be a couple of different solution.

We would need to know the following:

  • Show the configuration on the input used.

  • Date/Time are correct. Located under System/Overview → Time configuration

  • What do you see in the log files that may pertain to this issue (i.e. Elasticsearch, MongoDb, Graylog, etc…)

  • Have you tried a different type of input, for example Syslog UDP?

  • Is this a fresh install?

  • Are there any extractors or pipeline running on this INPUT?

#3

Hi @gsmith, it was the Date/Time that was not sync between user, system and web browser. I receive logs normally now. Thanks for your input, it helped me to do some more specific research and troubleshooting.

1 Like
#4

Hello,

It happens, glad I could help. If you could mark this as resolved for future searches that would be great.

#5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.