I am setting up a BitDefender to send logs (Syslog UDP) to Graylog.
However, I am having the following problem:
- Via TCPDUMP I see the logs arriving;
- On Graylog (WEB) only a few logs are being generated;
Ex: Basically, for every 1000 logs, I can see only 3 in Graylog.
What can I validate to try to identify what the problem is?
Hello and welcome,
What version of Graylog are you using?
What port are you using for your input? If you're using port 514, that's a privileged port. Might want to change to something over 1024 to see if that works.
What does your Syslog UDP INPUT configuration look like? Maybe something like this?
If it were my environment, I would check the ES and Graylog log files for errors/warnings. Confirm that the Date/Time is correct on the Graylog server and on the remote device sending logs to the Graylog server.