I created a GELF UDP input in graylog with bind address 0.0.0.0 and port 5046
I added the following log4net AsyncGelfUdpAppender appender in my .Net project.
<appender name="AsyncGelfUdpAppender" type="Gelf4Net.Appender.AsyncGelfUdpAppender, Gelf4Net">
<!-- Number of log lines to buffer for async send. Defaults to 10-->
<bufferSize value="20" />
<!-- Number of tasks to use for the async appender. 0 or fewer indicates one task per processor-->
<threads value="2" />
<remoteAddress value="127.0.0.1" />
<remotePort value="5046" />
<layout type="Gelf4Net.Layout.GelfLayout, Gelf4Net">
<param name="AdditionalFields" value="app:AsyncUdpAppender,version:1.0,Environment:Dev,Level:%level" />
<param name="Facility" value="RandomPhrases" />
<param name="IncludeLocationInformation" value="true" />
<param name="SendTimeStampAsString" value="true"/>
</layout>
</appender>
Deploying via docker you just expose ports you use in your app, in case of docker it really depends ports your inputs listen on, in this case you need 9000 for graylog’s web interface and REST API, 1514 is probably syslog (514) upped by 1000 because non-root user can’t use ports smaller than 1024 (?), you don’t really need it if you don’t use corresponding input in graylog, 5046 is the port you need for your input, additionally to expose udp port you need to append /udp, in your case it should be -p 5046:5046/udp
I did try this.
docker run --link mongo --link elasticsearch
-p 9000:9000 -p 12201:12201 -p 5046:5046/udp
-e GRAYLOG_HTTP_EXTERNAL_URI=“http://127.0.0.1:9000/”
-d graylog/graylog:3.1
What should the bind address be when I create an input in Graylog? Right now, it’s 0.0.0.0 and still with this configuration, I see no messages in Graylog when I log through my application.
What do you think should be the remoteAddress and remotePort value if I use the docker command above?