RSyslog - CentOS 7

Hi, I am using Graylog for the first time and trying to send simple unencrypted rsyslog messages from a CentOS 7 machine to my Graylog server. I see the Graylog server receiving the messages, but they do not show up in the web UI.

tcpdump:

[me@localhost]$ sudo tcpdump -i any -v 'port 5140'
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
13:43:39.796542 IP (tos 0x0, ttl 64, id 33082, offset 0, flags [DF], proto UDP (17), length 79)
192.168.1.10.52760 > graylog.5140: UDP, length 51

In the /etc/rsyslog.conf of the system sending the message (it is a star dot star, but this formatting block is ignoring the stars):

. @192.168.1.10:5140

My Graylog server input has this filter input:

raw plaintext / udp

bind_address: 0.0.0.0
override_source: empty
port: 5140
recv_buffer_size_empty

Did you check if the time on both servers is in sync?

Why did you not create a UDP Syslog input?

Hi Jan,

The server is synched to internal NTP servers. I first tried the UDP Syslog input but same issue. Searched online and someone suggested using UDP raw plaintext.

I will try a test again this afternoon.
