Output Doesn't Seem to Work


(GT) #1

I have created an output with the following config:

connect_timeout: 1000
hostname: xxx.xxx.xxx.xxx
max_inflight_sends: 512
port: 22001
protocol: TCP+TLS
queue_size: 512
reconnect_delay: 500
tcp_keep_alive: false
tcp_no_delay: false
tls_trust_cert_chain:
tls_verification_enabled: false

I assign this output to the ‘All Messages’ stream and have an input on another instance of Graylog with the following config:

bind_address: 0.0.0.0
decompress_size_limit: 8388608
max_message_size: 2097152
override_source:
port: 22001
recv_buffer_size: 1048573
tcp_keepalive: false
tls_cert_file:
tls_client_auth: disabled
tls_client_auth_cert_file:
tls_enable: true
tls_key_file:
tls_key_password: ********
use_null_delimiter: true

I see no active connections on the receiving Graylog instance. I have also run tcpdump on the receiving box and can’t see any inbound traffic over that port. I have run tcpdump on the sending box only looking at the source IP of the sending box and the destination of the receiving box and see no traffic.
I believed this was a firewall issue, so I tried telnet from the sending box to the receiving box on port 22001 and it connects immediately and I see 1 active connection in the Graylog input page, so firewalls don’t seem to be an issue.

Extra info:
Both are on Ubuntu 16.04 LTS and both are running Graylog 2.2.3. Are there any known issues with this version of Graylog?

cheers,

George


(Jochen) #2

Have you assigned the output to a stream?

What’s in the logs of your Graylog nodes?


(GT) #3

Okay, so I have found that when I assign the output to the ‘All Messages’ stream, nothing happens. I then create a new stream that has the rule: exists field: source and then assign the output to that stream and it works.

There seems to be some issue with assigning an output to the ‘All Messages’ stream.


(Jochen) #4

Please create a bug report at https://github.com/Graylog2/graylog2-server/issues.


(GT) #5

Do you still want the bug report, as I am running Graylog 2.2.3, which is outdated?


(Jochen) #6

Please upgrade to Graylog 2.4.3 first, and if the issue still exists, then open a bug report on GitHub.


(GT) #7

Currently we cannot upgrade. The local box is actually local to the client site and we have not scheduled in any downtime and I am reluctant to upgrade due to this fact.

We do have other newer Graylog instances on client site and I can confirm that running anything above 2.2.3 has resolved the issue.

