so i appears the syslog messaged are not being password on by proxy. I have tested on a second setup and this received messages ok. I can now be sure that this is to do with nginx. If i monitor the traffic comming in to the nginx proxy is looks like the syslog messages from switches do not contain a port number so i can only assume nginx is then rejecting the messages. The switches are configure correctly and i have tried varying their configs slightly to test out theories. Has anyone had a similar problem ??My only other consideration is to install graylog on the proxy box and let it process those switch messages. but would then be an odd cluster then.
2. Describe your environment:
Ubuntu Server LTS x4
Mongo and Elasticsearch on x3
nginx on x1
each with 8 cores and 24gb ram
Package Version:
Graylog 6.0.3+eb761c5 (Eclipse Adoptium 17.0.11 on Linux 5.15.0-116-generic)
3. What steps have you already taken to try and solve the problem?
Hi there, yes i can see the syslog messages hittting the port on the nginx load balancer. but from what i can tell is that those messages do not contain a port number “IE 514” so it seems that the nginx LB doesnt know what to do with this. I tested this with another syslog product with no LB and works fine. So it must be my LB thats at fault.