RSyslog - Centos 7


#1

Hi, I am using Graylog for the first time and trying to send simple unencrypted rsyslog messages from a Centos 7 machine to my Graylog server. I see the graylog server receiving the messages but they do not show up in the web ui.

tcpdump:

[me@localhost]$ sudo tcpdump -i any -v ‘port 5140’
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
13:43:39.796542 IP (tos 0x0, ttl 64, id 33082, offset 0, flags [DF], proto UDP (17), length 79)
192.168.1.10.52760 > graylog.5140: UDP, length 51

In the /etc/rsyslog.conf of the system sending the message (is a star dot star but this formatting block is ignoring the stars):

. @192.168.1.10:5140

My graylog server input has this filter input:

raw plaintext / udp

bind_address: 0.0.0.0
override_source: empty
port: 5140
recv_buffer_size_empty


(Jan Doberstein) #2

Did you checked if the time on both server is in sync?

Why you did not create a UDP Syslog input?


#3

Hi Jan,

The server is synched to internal NTP servers. I first tried the UDP Syslog input but same issue. Searched online and someone suggested using UDP raw plaintext.

I will try a test again this afternoon.


(system) #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.