[graylog2] sylogd on graylog2 server at port 514 not getting configured in listening mode ?

Wed, 22 Oct 2014 15:04:07 -0700 

Hi

I configured the below information on the syslogd server as per the 
documentation

Followed the steps:

1. Create an rsyslog configuration file in /etc/rsyslog.d. We will call 
ours 90-graylog2.conf:

sudo vi /etc/rsyslog.d/90-graylog2.conf

2. In this file, add the following lines to configure rsyslog to send 
syslog messages to your Graylog2 server (replace gl2_private_IP with your 
Graylog2 server's private IP address):

#!/bin/bash

$template GRAYLOGRFC5424,"%protocol-version% %timestamp:::date-rfc3339% 
%HOSTNAME% %app-name% %procid% %msg%\n" *.* @<Ipaddress of the syslogd 
server>:514;GRAYLOGRFC5424

3. Save and quit. This file will be loaded as part of your rsyslog 
configuration from now on. Now you need to restart rsyslog to put your 
change into effect.

sudo service rsyslog restart

On the graylog2-server, the 514 UDP port is configured

The sylogd service is stopped on Graylog2 server




[root@graylog2 ~]# iptables -t nat -L -n -v


Chain PREROUTING (policy ACCEPT 832 packets, 88870 bytes)


pkts bytes target prot opt in out source destination


0 0 REDIRECT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:514 redir ports 10515


0 0 REDIRECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:514 redir ports 5514


0 0 REDIRECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:514 redir ports 5514


0 0 REDIRECT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:514 redir ports 2525


[root@graylog2 ~]# netstat -an | grep 514


tcp 0 0 127.0.0.1:27017 127.0.0.1:51498 ESTABLISHED


tcp 0 0 ::ffff:127.0.0.1:51498 ::ffff:127.0.0.1:27017 ESTABLISHED


udp 0 0 ::ffff:10.222.189.50:514 :::*


[root@graylog2 ~]# netstat -an | grep 2525


udp 0 0 ::ffff:10.222.189.50:2525 :::*


Note -> they are not running in listening state


Please, help as got stuck at this phase


Thanks and Regards,





-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Attachment: graylog issue.docx
Description: MS-Word 2007 document

Reply via email to