I now have GrayLog up and running on my main rsyslog server, CentOS 7. As far as I can tell rsyslog is collecting all the syslog information from my servers and workstations, but GrayLog cannot see any of this.
The question is: am I doing something wrong, should I even be running rsyslog? I find the docs are GREAT once you get to know what is going on, but hard to comprehend while I am still learning how everything fits together.
Should I have other plugins loaded?
Are there any examples of a single GrayLog server setup, collecting syslog information from a few different devices/servers?
Yes, have read those instructions a few times. I expect if you know what is going on, they are pretty good. On the other hand if you are a person like me who is learning, they make little sense.
What am I supposed to do with those commands? Are they to go into a config file somewhere? Are they an input to a console? Does part of the command/conf (whichever it is) need to be changed for my particular setup?
From what I have seen your code and program look absolutely 1st rate. The documentation, in particular where new people are concerned, needs some work. Most other packages I have looked at either have step-by-step setup instructions or a script that sets up a single server darn close to a production environment.
I will give you that once you go outside a single server and one LAN, things get complex fast, but the single server environment will help new people like myself learn the syntax and structure of a system like Graylog.
I added those lines to my rsyslog conf file. I am still not getting any messages into GrayLog. I seem to be having the same issues as a colleague of mine. He struggled with trying to get GrayLog to work, and finally ended up just giving up after a week of nothing working.
I even downloaded your OVA machine, booted it up and it shows no messages of any type coming in.
listen.conf is probably the wrong config file. Your rsyslog is not listening to Graylog, but sending log lines to it. So try another conf file. The correct one is probably /etc/rsyslogd.conf. Also, use only one of the two lines at a time. Also, when running CentOS you need to make the port 514 an rsyslog port in SELinux, or disable SELinux, to make it work. This is a RedHat / CentOS specific howto: https://access.redhat.com/solutions/54363. The document describes both cases: receiving logs to rsyslog and sending logs from rsyslog, and also the SELinux part. Read carefully.
When setting up log collection, you need to find a lot of resources that are not Graylog-specific, but specific to the system that is sending log lines.
Better, then, to read the link I gave first. One additional note, though. You make your life easier if you use some other port for rsyslog than 514 (such as 5140), as the first thousand ports are reserved for system daemons.
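
An added example, not part of the thread: a small Python check for the points raised in the replies above (is there a forwarding line at all, is only one of the two lines active, is the target port a low one). It assumes the "two lines" are rsyslog's UDP (`@`) and TCP (`@@`) forwarding actions; the host `graylog.example.org`, the sample config text and the function names are constructed for illustration.

```python
import re

# Legacy rsyslog forwarding action: "<selector> @host:port" is UDP, "@@host:port" is TCP.
# An optional ";TemplateName" suffix is ignored here.
FORWARD = re.compile(
    r"^(?P<sel>\S+)\s+(?P<at>@@?)(?P<host>\[[^\]]+\]|[^@:;\s]+)(?::(?P<port>\d+))?"
)

def forwarding_rules(conf_text):
    """Return every active (uncommented) forwarding action in the config text."""
    rules = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = FORWARD.match(line)
        if m:
            rules.append({
                "line": lineno,
                "proto": "tcp" if m["at"] == "@@" else "udp",
                "host": m["host"],
                "port": int(m["port"] or 514),  # rsyslog forwards to 514 by default
            })
    return rules

def lint(conf_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    rules = forwarding_rules(conf_text)
    findings = []
    if not rules:
        findings.append("no forwarding rule: rsyslog sends nothing to Graylog")
    seen = {}
    for r in rules:
        if r["port"] < 1024:
            # Binding a port below 1024 needs root on the receiving side.
            findings.append(f"line {r['line']}: target port {r['port']} is below 1024")
        key = (r["host"], r["port"])
        if key in seen and seen[key] != r["proto"]:
            findings.append(f"line {r['line']}: target already forwarded over {seen[key]}")
        seen.setdefault(key, r["proto"])
    return findings

# Constructed sample: both forwarding lines active, default port 514.
SAMPLE = """# constructed rsyslog config
*.* @graylog.example.org:514;RSYSLOG_SyslogProtocol23Format
*.* @@graylog.example.org:514;RSYSLOG_SyslogProtocol23Format
"""
# Constructed sample after following the advice: one line, port 5140.
FIXED = "*.* @graylog.example.org:5140;RSYSLOG_SyslogProtocol23Format\n"

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "ok")
```

The Graylog syslog input has to be created on the same protocol and port that the remaining forwarding line uses.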