Send data with rsyslog

hello,

i configure my graylog server but i cant see the data sending with rsyslog
someone can help me please?

Hi,

is there an input configured for receiving syslog messages? Is your syslog server configured to send data to the Graylog server? Is the Syslog server able to reach the Graylog server and the configured port?

Or: what have you already tried to make it work? Please be more verbose and tell us about what you’ve already done.

Hi
I followed the configuration proposed by the website.
the server works because I saw the home page of the site but when I do an input I see no message.
The syslog server is configured

Do you speak French ?

Hey,

  1. was an input created and is it running? Has the correct transmission protocol been selected? Does the port match the one from rsyslog Conf?

  2. can you ping the terminal on your server to the server that should send the logs? Can the other server reach your Graylog server via ping? Are the firewalls active on your systems?

  3. what does your rsyslog Conf look like? Is it the same protocol and port as the input? Did you restart the service after the Conf change?

Cheers Jonas

hi

  1. an input is created and it is reunning. yes for the test i create a syslog udp and it’s running wel but i can’t send data on my graylog server from syslog. yes i configured syslog in order to receive a udp protocol

  2. syslog and graylog are on the same server but i created a client to test my conf and i can ping my server . no we have not a firewalls active

  3. you can see i do only thi configuration

provides UDP syslog reception

module(load=“imudp”)
input(type=“imudp” port=“1514”)

provides TCP syslog reception

module(load=“imtcp”)
input(type=“imtcp” port=“1514”)
yes iyes it’s the same port i started also.

and i have the error

An input has failed to start (triggered in 2 hours)

Input 5d4a922579b826279b7aef0b has failed to start on node 5a07d5ef-bb08-4f88-8519-20ba945fe886 for this reason: »bind(…) failed: Adresse déjà utilisée.«. This means that you are unable to receive any messages from this input. This is mostly an indication for a misconfiguration or an error.

I guess you have a misunderstanding …

The Input needs to be created in the Graylog UI and not on the Syslog server that is running on the same Server that Graylog is running on. As no the same services are able to use the same port you get the error in Graylog.

You might want to check the Getting started guide: http://docs.graylog.org/en/3.1/pages/getting_started.html

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.