Hello, I have installed the latest version of Graylog and added a syslog UDP input on port 5514. I have configured a server to send everything to it, with this: *.* @10.111.3.35:5514 but nothing comes. So with tcpdump on my Graylog box, I sniff with:
root@graylog:~# tcpdump host 10.111.3.36 and port 5514 -vvvvv
(10.111.3.36 is my rsyslog client, and 10.111.3.35 is my Graylog box)
And I have traffic!
09:51:02.174515 IP (tos 0x0, ttl 64, id 57192, offset 0, flags [DF], proto UDP (17), length 208)
10.111.3.36.48542 > 10.111.3.35.5514: [udp sum ok] UDP, length 180
09:51:02.174641 IP (tos 0x0, ttl 64, id 57193, offset 0, flags [DF], proto UDP (17), length 208)
10.111.3.36.48542 > 10.111.3.35.5514: [udp sum ok] UDP, length 180
09:51:04.769492 IP (tos 0x0, ttl 64, id 57604, offset 0, flags [DF], proto UDP (17), length 115)
10.111.3.36.48542 > 10.111.3.35.5514: [udp sum ok] UDP, length 87
09:51:05.222753 IP (tos 0x0, ttl 64, id 57673, offset 0, flags [DF], proto UDP (17), length 254)
10.111.3.36.48542 > 10.111.3.35.5514: [udp sum ok] UDP, length 226
So my syslog packets arrive on the Graylog box, but not in Graylog!
My iptables rules are cleared with:
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
And when I test with logger like this:
logger coucou -n 10.111.3.35 -P 5514
==> It works!
Both servers are Ubuntu 16.04, can anybody help me?