Output Doesn't Seem to Work

GTownson · April 4, 2018, 10:08am

I have created an output with the following config:

connect_timeout: 1000
hostname: xxx.xxx.xxx.xxx
max_inflight_sends: 512
port: 22001
protocol: TCP+TLS
queue_size: 512
reconnect_delay: 500
tcp_keep_alive: false
tcp_no_delay: false
tls_trust_cert_chain:
tls_verification_enabled: false

I assign this output to the ‘All Messages’ stream and have an input on another instance of Graylog with the following config:

bind_address: 0.0.0.0
decompress_size_limit: 8388608
max_message_size: 2097152
override_source:
port: 22001
recv_buffer_size: 1048573
tcp_keepalive: false
tls_cert_file:
tls_client_auth: disabled
tls_client_auth_cert_file:
tls_enable: true
tls_key_file:
tls_key_password: ********
use_null_delimiter: true

I see no active connections on the receiving graylog instance, I also have run tcmdump on the receiving box and can’t see any inbound traffic over that port. I have run tcpdump on the sending box only looking at the source IP of the sending box and the destination of the receiving box and see no traffic.
I believed this was a firewall issue, so I tried telnet from the sending box to the receiving box on port 22001 and it connects immediately and I see 1 active connection in the graylog input page, so firewalls don’t seem to be an issue.

Extra info:
Both on Ubuntu 16.04.LTS and both running graylog 2.2.3. are there any known issues with this version of graylog?

cheers,

George

jochen · April 4, 2018, 10:13am

Have you assigned the output to a stream?

What’s in the logs of your Graylog nodes?

GTownson · April 4, 2018, 10:22am

Okay, so I have found that when I assign the output to the ‘All Messages’ stream, nothing happens. I then create a new stream that has the rule: exists field: source and then assign the output to that stream and it works.

There seems to be some issue with assigning an output to the ‘All Messages’ stream.

jochen · April 4, 2018, 10:23am

Please create a bug report at https://github.com/Graylog2/graylog2-server/issues.

GTownson · April 4, 2018, 10:30am

Do you still wan’t the bug report as I am running Graylog 2.2.3 which is outdated?

jochen · April 4, 2018, 10:30am

Please upgrade to Graylog 2.4.3 first, and if the issue still exists, then open a bug report on GitHub.

GTownson · April 4, 2018, 10:42am

Currently we cannot upgrade. The local box is actually local to the client site and we have not scheduled in any downtime and I am reluctant to upgrade due to this fact.

We do have other newer Graylog instances on client site and I can confirm that running anything above 2.2.3 has resolved the issue.

system · April 18, 2018, 10:42am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Output Stream is not able to send logs to Syslog Graylog Central (peer support)	4	677	September 16, 2022
Output not sending anything Graylog Central (peer support)	29	2043	April 15, 2022
Graylog Output to Logstash using TCP+TLS Graylog Central (peer support)	2	377	January 12, 2023
Graylog inputs do not seem to be working Graylog Central (peer support)	5	2946	September 7, 2018
Troubleshoot why logs are not coming in Graylog Central (peer support)	3	3897	August 14, 2017

Output Doesn't Seem to Work

Related topics