I set up a test CentOS 7 server with graylog2 on it to collect server logs that are being sent via rsyslog; however, I am only able to see SYSLOG UDP in the web console and not TCP, which is what I would like to use.
No errors seem to be generated; the TCP messages just don’t seem to be getting to the destination. Any assistance would be appreciated.
What’s the configuration of rsyslog?
What’s the configuration of the Syslog UDP input?
What’s the configuration of the Syslog TCP input?
Are there any packet filters or firewalls blocking TCP packets?
Just curious, but what type of logs were you attempting to forward toward Graylog? There are several vendors that don’t abide by typical Syslog standards, and this will cause issues when trying to input logs.
By normal I mean something that comes in CentOS by default, such as /var/log/messages, and not by applications installed later, such as /var/log/graylog-server/server.log for example.
rsyslog.conf was pretty much default; I just added *.* @@<destination_ip>:5155;GRAYLOG5424
The problem I was having was that I was making rsyslog and graylog listen for logs on the same port. Turns out if you turn off rsyslog from listening and just let graylog’s input rule listen for the messages it works as intended.
Yes, the template is set up in /etc/rsysconfig.d/graylog.conf. Maybe there is a misunderstanding here. This problem is now solved. Thanks for all the help.
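A check for the port clash described in the resolution above, added here as an example and not taken from any poster in the thread: it scans rsyslog configuration text for a local listener on the same protocol and port that a forwarding rule targets. The sample configuration, the address 192.0.2.10 and the function names are constructed for illustration, and the check assumes it is run against the rsyslog configuration on the host where the Graylog input is bound.

```python
import re

# Constructed sample config (not from the thread): rsyslog keeps its own TCP
# listener on 5155 while also forwarding to a Graylog input on that port.
SAMPLE_CONF = """\
$ModLoad imtcp
$InputTCPServerRun 5155
# $UDPServerRun 514
module(load="imudp")
input(type="imudp" port="514")
*.* @@192.0.2.10:5155;GRAYLOG5424
"""

# Legacy listener directives, RainerScript input() objects, legacy forwards.
LEGACY_LISTEN = re.compile(r'^\$(InputTCPServerRun|UDPServerRun)\s+(\d+)', re.I)
RAINER_LISTEN = re.compile(r'^input\((?=[^)]*type="(imtcp|imudp)")[^)]*port="(\d+)"', re.I)
FORWARD = re.compile(r'^\S+\s+(@@?)(\[[^\]]+\]|[^:;\s]+):(\d+)')

def parse(conf_text):
    """Return listeners as {(proto, port)} and forwards as {(proto, host, port)}."""
    listeners, forwards = set(), set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives are inactive
        m = LEGACY_LISTEN.match(line)
        if m:
            proto = "tcp" if m.group(1).lower() == "inputtcpserverrun" else "udp"
            listeners.add((proto, int(m.group(2))))
            continue
        m = RAINER_LISTEN.match(line)
        if m:
            listeners.add(("tcp" if m.group(1).lower() == "imtcp" else "udp", int(m.group(2))))
            continue
        m = FORWARD.match(line)
        if m:  # "@@" forwards over TCP, a single "@" over UDP
            forwards.add(("tcp" if m.group(1) == "@@" else "udp", m.group(2), int(m.group(3))))
    return listeners, forwards

def port_conflicts(conf_text):
    """Forward targets whose protocol and port rsyslog itself also listens on."""
    listeners, forwards = parse(conf_text)
    return sorted(f for f in forwards if (f[0], f[2]) in listeners)

if __name__ == "__main__":
    for proto, host, port in port_conflicts(SAMPLE_CONF):
        print(f"rsyslog listens on {proto}/{port} and forwards to {host}:{port}")
```

An empty result means no rsyslog listener overlaps a forwarding target; it does not show that the Graylog input itself is running or reachable.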