RSyslog - Centos 7

Hi, I am using Graylog for the first time and trying to send simple unencrypted rsyslog messages from a Centos 7 machine to my Graylog server. I see the graylog server receiving the messages but they do not show up in the web ui.


[me@localhost]$ sudo tcpdump -i any -v ‘port 5140’
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
13:43:39.796542 IP (tos 0x0, ttl 64, id 33082, offset 0, flags [DF], proto UDP (17), length 79) > graylog.5140: UDP, length 51

In the /etc/rsyslog.conf of the system sending the message (is a star dot star but this formatting block is ignoring the stars):

. @

My graylog server input has this filter input:

raw plaintext / udp

override_source: empty
port: 5140

Did you checked if the time on both server is in sync?

Why you did not create a UDP Syslog input?

Hi Jan,

The server is synched to internal NTP servers. I first tried the UDP Syslog input but same issue. Searched online and someone suggested using UDP raw plaintext.

I will try a test again this afternoon.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.