I’m totally new to Graylog, Rsyslog and Elasticsearch. So I’ve set up Graylog as per the guide http://docs.graylog.org and I can log in fine, no issuse on the server. Version are:
Host - Ubuntu 18.04
Graylog - 3.0.0-12
Java - 1.8.0_191
Elasticsearch - 6.6.1"
MongoDB - 4.0.6
I’m using Rsyslog to send the logs from a Ubuntu 18.04 server to Graylog.
So I followed Sending syslog from Linux systems into Graylog and created a conf file -
graylog_syslog.conf in /etc/rsyslog.d/ and added . @172.24.228.161:514;RSYSLOG_SyslogProtocol23Format to it and restarted rsyslog. Checking the Status it get:
sudo service rsyslog status
● rsyslog.service - System Logging Service
Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2019-02-21 10:35:30 UTC; 4min 3s ago
Main PID: 7840 (rsyslogd)
Tasks: 4 (limit: 2320)
└─7840 /usr/sbin/rsyslogd -n
Feb 21 10:35:30 UBmanagent systemd: Stopped System Logging Service.
Feb 21 10:35:30 UBmanagent systemd: Starting System Logging Service…
Feb 21 10:35:30 UBmanagent systemd: Started System Logging Service.
Feb 21 10:35:30 UBmanagent rsyslogd: imuxsock: Acquired UNIX socket ‘/run/systemd/journal/syslog’ (fd 3) from systemd. [v8.32.0]
Feb 21 10:35:30 UBmanagent rsyslogd: rsyslogd’s groupid changed to 106
Feb 21 10:35:30 UBmanagent rsyslogd: rsyslogd’s userid changed to 102
Feb 21 10:35:30 UBmanagent rsyslogd: [origin software=“rsyslogd” swVersion=“8.32.0” x-pid=“7840” x-info=“http://www.rsyslog.com”] start
I added n the Graylog server I added a new input as ‘Syslog UDP’, giving it a title and left everything as default. But is shows up as failed.
So I added the server IP the the Bind setting and the status changed to ‘Not running’
Checking the Graylog logs I get
I’m don’t know what is getting permission dined. Could any one point me in the right direction.