Unable to get the logs in graylog gui

linuxuser · January 25, 2022, 12:57pm

1. Describe your incident:
I am able to get the logs from all devices that are added to graylog but unable to see the logs from a firewall to my graylog gui although the traffic from that device is visible in the cli.

And I get this in /var/log/elasticsearch/graylog.log file.
– cat graylog.log |grep ‘172.20.23.148’

[2022-01-25T17:32:59,998][DEBUG][o.e.a.b.TransportShardBulkAction] [DC-ELASTIC-01] [graylog_3][1] failed to execute bulk item (index) index {[graylog_deflector][message][ad330c80-7dd6-11ec-923d-005056a5b9cb], source[{"date":"2022-01-25,time=17:32:58,devname=","devid":"FGT1KD5818800570","msg":"Delete 2 old report files","tz":"+0530","gl2_remote_ip":"172.20.23.148","gl2_remote_port":9223,"eventtime":"1643112179228197507,tz=","source":"172.20.23.148","type":"event","gl2_source_input":"5ee4aa493751891269f56286","subtype":"system","devname":"DC-DEL-EFW-01","gl2_source_node":"a0c03946-aab2-44b2-a932-ecb6889d495d","timestamp":"2022-01-25 12:02:32.391","level":6,"streams":["000000000000000000000001"],"message":"date=2022-01-25,time=17:32:58,devname=\"DC-DEL-EFW-01\",devid=\"FGT1KD5818800570\",eventtime=1643112179228197507,tz=\"+0530\",logid=\"0100020027\",type=\"event\",subtype=\"system\",level=\"information\",vd=\"root\",logdesc=\"Outdated report files deleted\",msg=\"Delete 2 old report files\"","vd":"root","logdesc":"Outdated report files deleted","20201217":"2","full_message":"<190>date=2022-01-25,time=17:32:58,devname=\"DC-DEL-EFW-01\",devid=\"FGT1KD5818800570\",eventtime=1643112179228197507,tz=\"+0530\",logid=\"0100020027\",type=\"event\",subtype=\"system\",level=\"information\",vd=\"root\",logdesc=\"Outdated report files deleted\",msg=\"Delete 2 old report files\"","logid":"0100020027","facility":"local7"}]}

2. Describe your environment:

OS Information: Ubuntu 18.04
Package Version: Graylog 3.0.2 and Elasticsearch 6.8

gsmith · January 25, 2022, 11:45pm

Hello

What type of input are you using for your firewall logs?

Could you explain in greater detail of your configuration to ingest firewall logs.

Thanks

linuxuser · January 27, 2022, 5:39am

Thanks for your response.
We are using syslog udp input on port 1514 to collect all message logs. And also created a gelf input on same port.

gsmith · January 27, 2022, 5:40am

Troubleshooting 101.

Try using RawPlainText UDP for your firewall logs see if that works.
EDIT: If you can keep the default port on that to 5555

system · February 10, 2022, 5:41am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to receive logs from cisco devices Graylog Central (peer support)	8	533	April 24, 2019
Can't see logs in the gui Graylog Central (peer support)	3	92	April 8, 2024
Missing Log Source Graylog Central (peer support)	2	743	April 3, 2019
Log can received from firewall but cannot show in search Graylog Central (peer support)	5	207	September 1, 2022
I need help with connecting my firewalls to graylog Graylog Central (peer support)	64	225	April 25, 2024

Unable to get the logs in graylog gui

Related Topics