Hello,
I send the logs of my firewall (Palo Alto) by syslog. In the logs of the firewall I see that it connects to my Graylog server, but I do not receive the logs on my Graylog server.
Do you have an idea of what’s going on?
No, because you haven’t provided any information about the setup, such as the complete configuration of all relevant components and their complete logs.
http://docs.graylog.org/en/2.4/pages/configuration/file_location.html
I just saw that none of my syslog inputs work; they worked before.
My switch input:
2018-06-18T16:41:16.336+02:00 INFO [AggregatesMaintenance] Removed 0 history items
2018-06-18T16:42:16.335+02:00 INFO [AggregatesMaintenance] Removed 0 history items
2018-06-18T16:43:16.336+02:00 INFO [AggregatesMaintenance] Removed 0 history items
2018-06-18T16:43:50.106+02:00 INFO [InputStateListener] Input [Syslog TCP/5addde8e61a3b40f11d66023] is now STOPPING
2018-06-18T16:43:50.107+02:00 INFO [InputStateListener] Input [Syslog TCP/5addde8e61a3b40f11d66023] is now STOPPED
2018-06-18T16:43:50.107+02:00 INFO [InputStateListener] Input [Syslog TCP/5addde8e61a3b40f11d66023] is now TERMINATED
2018-06-18T16:43:50.994+02:00 INFO [InputStateListener] Input [Syslog TCP/5addde8e61a3b40f11d66023] is now STARTING
2018-06-18T16:43:50.996+02:00 WARN [NettyTransport] receiveBufferSize (SO_RCVBUF) for input SyslogTCPInput{title=Switch/routeur , type=org.graylog2.inputs.syslog.tcp.SyslogTCPInput, nodeId=c910ac4e-778c-4485-bcda-3aa3f93a0580} should be 1048576 but is 212992.
2018-06-18T16:43:50.997+02:00 INFO [InputStateListener] Input [Syslog TCP/5addde8e61a3b40f11d66023] is now RUNNING
Switch conf:
logging host 192.168.10.1 transport tcp port 1514
logging trap 6
logging on
I can ping my Graylog server from the switch.
My input:
allow_override_date: true
bind_address: 0.0.0.0
expand_structured_data: false
force_rdns: false
max_message_size: 2097152
override_source: <empty>
port: 1514
recv_buffer_size: 1048576
store_full_message: false
tcp_keepalive: false
tls_cert_file: <empty>
tls_client_auth: disabled
tls_client_auth_cert_file: <empty>
tls_enable: false
tls_key_file:
tls_key_password:
use_null_delimiter: false
I don't have more information.
My switch input works now.
If you provide some details about the problem, other users with the same problem can find it when searching the forum.
More info would definitely help, but make sure that you opened port 1514 on the firewall of the Graylog server as well.
https://firewalld.org/documentation/man-pages/firewall-cmd.html
I restarted my input and put the conf back on the switch; after that it worked.
logging host 192.168.10.1 transport tcp port 1514
logging trap 6
logging on
For the firewall it was my bad: I had only created the profile, and I still had to select the logs to send. That is why the log of my firewall and my input said connected but I didn’t see any logs coming in.
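As an added example (not code from the thread or from Graylog), this Python check reads server.log lines like the ones quoted above and reports whether each input ended in RUNNING after a restart, plus any SO_RCVBUF shortfall. The function names are assumptions made for this example; the log lines are copied from the thread.

```python
import re

# Log lines copied from the thread above (restart of the Syslog TCP input).
SAMPLE_LOG = """\
2018-06-18T16:43:16.336+02:00 INFO [AggregatesMaintenance] Removed 0 history items
2018-06-18T16:43:50.106+02:00 INFO [InputStateListener] Input [Syslog TCP/5addde8e61a3b40f11d66023] is now STOPPING
2018-06-18T16:43:50.107+02:00 INFO [InputStateListener] Input [Syslog TCP/5addde8e61a3b40f11d66023] is now STOPPED
2018-06-18T16:43:50.107+02:00 INFO [InputStateListener] Input [Syslog TCP/5addde8e61a3b40f11d66023] is now TERMINATED
2018-06-18T16:43:50.994+02:00 INFO [InputStateListener] Input [Syslog TCP/5addde8e61a3b40f11d66023] is now STARTING
2018-06-18T16:43:50.996+02:00 WARN [NettyTransport] receiveBufferSize (SO_RCVBUF) for input SyslogTCPInput{title=Switch/routeur , type=org.graylog2.inputs.syslog.tcp.SyslogTCPInput, nodeId=c910ac4e-778c-4485-bcda-3aa3f93a0580} should be 1048576 but is 212992.
2018-06-18T16:43:50.997+02:00 INFO [InputStateListener] Input [Syslog TCP/5addde8e61a3b40f11d66023] is now RUNNING
"""

# "Input [<type>/<id>] is now <STATE>" lines written by InputStateListener.
STATE_RE = re.compile(
    r"^\S+\s+INFO\s+\[InputStateListener\] "
    r"Input \[(?P<type>[^/\]]+)/(?P<id>[0-9a-f]+)\] is now (?P<state>[A-Z]+)\s*$"
)
# Receive-buffer warning: the OS granted less than the input's recv_buffer_size
# (on Linux the ceiling is the net.core.rmem_max sysctl).
RCVBUF_RE = re.compile(
    r"^\S+\s+WARN\s+\[NettyTransport\] receiveBufferSize \(SO_RCVBUF\) for input "
    r"\w+\{title=(?P<title>[^,]*?)\s*,.*\} should be (?P<want>\d+) but is (?P<got>\d+)\.\s*$"
)

def summarize(log_text):
    """Return (states, warnings): state history per input id, buffer shortfalls."""
    states, warnings = {}, []
    for line in log_text.splitlines():
        m = STATE_RE.match(line)
        if m:
            states.setdefault(m["id"], []).append(m["state"])
            continue
        m = RCVBUF_RE.match(line)
        if m:
            warnings.append((m["title"], int(m["want"]), int(m["got"])))
    return states, warnings

def not_running(states):
    """Input ids whose most recent logged state is anything other than RUNNING."""
    return sorted(i for i, hist in states.items() if hist[-1] != "RUNNING")

if __name__ == "__main__":
    states, warnings = summarize(SAMPLE_LOG)
    for input_id, hist in states.items():
        print(input_id, " -> ".join(hist))
    for title, want, got in warnings:
        print(f"{title}: SO_RCVBUF requested {want}, granted {got}")
    print("inputs not RUNNING:", not_running(states) or "none")
```

A RUNNING input only shows that the listener is up; as the resolution in this thread shows, the sender still has to be configured to forward the logs.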