Some Appliances forwarding Syslogs while others aren't

(Linden) #1

I am currently using the Syslog UDP (port 514) as an input for appliance syslogs. Port 514 for UDP and TCP have also been opened on the firewall. Some appliances (e.g., Peplink Balance, vCenter) are able to forward syslogs to my Graylog server just fine after pointing their log forwarding to my Graylog server’s IP address.

However, for other appliances (e.g., Dell EqualLogic), after configuring syslog notifications to be forwarded to my Graylog server, no messages are coming in. I have verified on the appliances in question that they are generating logs and are configured to forward to port 514/udp. I have also consulted their documentation on configuring syslog notifications (for instance, the document on Configuring Syslog Event Notification for the EqualLogic). However, my Graylog server does not receive them.

What should I be checking for to ensure that these appliances are forwarding syslogs? Thanks!

(Jan Doberstein) #2

Sniff the network - check with tcpdump if something comes in.

This is more of a general question about how to debug such situations and might not be Graylog related. You could check the Graylog server logs; maybe they are coming in wrongly formatted and you would see that in the server.log.
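
An added example, not part of the original thread: a small UDP listener that reports which source addresses actually deliver datagrams and whether each payload carries an RFC 5424 header, an RFC 3164 header, only a priority field, or no priority at all. Assumptions: the port 5514 default is a placeholder (binding to 514 needs root and the Graylog input must not be holding the port), and the four format labels are this example's own naming.

```python
import re
import socket
import sys

# <PRI> is 1-3 digits with a value of 0..191 (facility * 8 + severity)
PRI_RE = re.compile(rb"^<(\d{1,3})>")
# RFC 5424: version "1" and a space follow the PRI
RFC5424_RE = re.compile(rb"^1 ")
# RFC 3164: "Mmm dd hh:mm:ss " follows the PRI (day is space-padded)
RFC3164_RE = re.compile(rb"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")


def classify(datagram: bytes) -> str:
    """Return 'rfc5424', 'rfc3164', 'pri-only' or 'no-pri' for one datagram."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return "no-pri"
    rest = datagram[m.end():]
    if RFC5424_RE.match(rest):
        return "rfc5424"
    if RFC3164_RE.match(rest):
        return "rfc3164"
    # Valid priority, but the header after it is not a standard one
    return "pri-only"


def listen(host: str = "0.0.0.0", port: int = 5514) -> None:
    """Print source address and detected format for every UDP datagram."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    while True:
        data, (src, sport) = sock.recvfrom(65535)
        print(f"{src}:{sport} {classify(data)} {data[:80]!r}")


if __name__ == "__main__":
    # Optional first argument: UDP port to bind (placeholder default 5514)
    listen(port=int(sys.argv[1]) if len(sys.argv) > 1 else 5514)
```

If an appliance's address never appears in the output, the datagrams are not reaching the host at all; if it appears as `pri-only` or `no-pri`, the packets arrive but do not carry a standard syslog header.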


(system) closed #3

