boospy
(Mario Loderer)
January 18, 2019, 10:42pm
1
Hello all,
I’ve installed Graylog v2.5.1+34194da on Ubuntu 18.04. The program is working fine, but I’m not able to get data from clients, so I think I’m misunderstanding something.
On the Graylog server I activated the plugin “syslog” on port 1514. On the client side I activated the rsyslog daemon to send logs to Graylog on this port:
cat /etc/rsyslog.d/51-remote.conf
*.* @graylog.local:1514;RSYSLOG_SyslogProtocol23Format
But nothing goes to the Graylog server. If I send from the same client to the rsyslog server running on graylog, this is working. So what am I doing wrong?
Here is the plugin config:
allow_override_date: true
bind_address: gaylog.local
expand_structured_data: false
force_rdns: false
override_source: <empty>
port: 1514
recv_buffer_size: 262144
store_full_message: false
Thanks a lot
best regards
boospy
Ponet
(Jesse Hills)
January 18, 2019, 10:48pm
2
Hi @boospy
Is your syslog input listening on UDP or TCP?
Thanks
boospy
(Mario Loderer)
January 18, 2019, 10:51pm
3
Rsyslog was listening on UDP and receives messages from clients. But I think this is wrong. Graylog should receive the messages.
Ponet
(Jesse Hills)
January 18, 2019, 10:59pm
4
Any firewalls in the way blocking UDP/1514 ?
If you run tcpdump on the graylog host, can you see the packets reaching the server?
boospy
(Mario Loderer)
January 18, 2019, 11:15pm
5
Yeah, found the failure. Port was closed because of the bind address. Changed from
bind_address: gaylog.local
to
bind_address: ::
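A way to check which local address a UDP input such as port 1514 is actually bound to, added here as an example that is not part of the thread. The function name `bind_scope` and the sample lines are constructed for illustration; what the hostname resolved to on the poster's host is not shown in the thread.

```shell
#!/bin/sh
# Classify how widely a UDP port is bound, reading `ss -Hlun` output on stdin.
# Prints one of: wildcard | specific:<addr> | loopback:<addr> | none
bind_scope() {
    awk -v port="$1" '
    {
        la = $4                              # "Local Address:Port" column
        n = match(la, /:[0-9]+$/)            # the port follows the last colon
        if (n == 0 || substr(la, n + 1) != port) next
        addr = substr(la, 1, n - 1)
        sub(/%.*$/, "", addr)                # drop interface suffix such as %lo
        sub(/^\[/, "", addr)                 # drop IPv6 brackets
        sub(/\]$/, "", addr)
        sub(/^::ffff:/, "", addr)            # IPv4-mapped form of a dual-stack socket
        if (addr == "*" || addr == "0.0.0.0" || addr == "::") rank = 3
        else if (addr ~ /^127\./ || addr == "::1") rank = 1
        else rank = 2
        if (rank > best) { best = rank; shown = addr }
    }
    END {
        if (best == 3) print "wildcard"
        else if (best == 2) print "specific:" shown
        else if (best == 1) print "loopback:" shown
        else print "none"
    }'
}

# Constructed sample lines in `ss -Hlun` layout (not taken from the thread).
sample_loopback='UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
UNCONN 0 0 [::ffff:127.0.1.1]:1514 *:*'
sample_wildcard='UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
UNCONN 0 0 *:1514 *:*'
sample_absent='UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*'

printf '%s\n' "$sample_loopback" | bind_scope 1514   # loopback:127.0.1.1
printf '%s\n' "$sample_wildcard" | bind_scope 1514   # wildcard
printf '%s\n' "$sample_absent"   | bind_scope 1514   # none

# On a live host: ss -Hlun | bind_scope 1514
```

A `loopback` or `none` result means remote clients cannot reach the input regardless of firewall rules; `specific` means only traffic addressed to that one interface address is accepted.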
system
(system)
Closed
February 1, 2019, 11:15pm
6
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.