I am new to Graylog and this forum and I have been working on a problem with my graylog set up all day and can’t find a solution online, in the marketplace or the documentation. I followed the documentation here: http://docs.graylog.org/en/2.2/pages/installation/docker.html
This is all running on a server, (mongo, elasticsearch and graylog) and I have a couple of remote servers that I want to receive logs from. I edited the rsyslog.conf file on the remote servers to send logs on port 514 initially which didn’t work, and then I changed to 5140, which also didn’t work.
I also tried to set up various inputs on the graylog web interface but couldn’t get any data into graylog. What should I do? I’m wondering is docker at fault here, firewalls are open and I’m able to ping and nc to the port number from the other servers. What ports do I need to use to send log data in? I also have log files collecting from my fairly basic application, and can’t figure out how to send these either.
Thanks for the quick response and help Jan. This looks promising!
So I’ve tried both internal and external IP address, and it’s still not clear to me how to get any messages in. I have set up 4 different inputs:
Gelf UDP on port 12201,
Raw plaintext TCP on port 5555,
Syslog UDP on port 5140,
Syslog TCP on port 514.
I’ve been trying to get a message in using the following commands with different ports which I found in the documentation but have had no joy.