Raw UDP input - not showing

Oirbsiu · May 20, 2021, 11:34am

Hi All,
I’m currently testing Greylog before installing to production. Goal is to get Greylog to store our RADIUS logs.

Steps done.
I downloaded the OVA - ran update
launched web portal - no issues.
created RAW/UDP input and tested using netcat
echo "Hello" | nc -u -w 1 x.x.x.x 1646

This is being recorded in Greylog - ace

Sending test Radius Data - I took a tcpdump of live data and used bittwist to edit the source and destination IP and then sent this on to my Greylog VM.
Running tcpdump, I could see the packets on port 1646 but nothing is appearing in the received messages.

I can also see that greylog is listening on port 1646

what am i missing? my only thoughts are the timestamps??
Mark

shoothub · May 20, 2021, 5:49pm

Yes, usually it’s problem with timestamps. Try to show if the messages are not saved with future timestamps. Try to use relative time frame selector and select to future dates.

Check also that device uses UDP and not TCP.
Check time synchronization with NTP and correct timezone

https://docs.graylog.org/en/4.0/pages/searching/time_frame_selector.html#absolute-time-frame-selector

system · June 3, 2021, 5:50pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Issue with Syslog input UDP Graylog Central (peer support)	3	527	November 1, 2019
GELF UDP input not listening input from other server Graylog Central (peer support)	5	1993	July 22, 2019
UDP inputs not working Graylog Central (peer support)	3	7334	January 3, 2019
Graylog inputs do not seem to be working Graylog Central (peer support)	5	2675	September 7, 2018
Nothing appearing in Search Graylog Central (peer support)	6	4172	March 23, 2017

Raw UDP input - not showing

Related Topics