Hi, I have a problem with remote logging from one dedicated host.

The source host is running CentOS 5.11 with rsyslog 3.22.1-7.el5 configured to remote log to a Graylog2 server on TCP syslog port 514. As I can see with tcpdump, the source host is sending its log properly:

    09:34:10.853911 IP 10.4.4.91.50608 > 10.4.4.243.shell: Flags [P.], seq 1381017395:1381017470, ack 2091203713, win 46, options [nop,nop,TS val 168737839 ecr 2501108303], length 75
    E.....@.@... ..[ .......RP.3|.<.....6b..... ../...O<86>Nov 6 08:34:10 localhost sshd[22721]: Connection closed by 10.4.4.243
    09:34:10.853940 IP 10.4.4.243.shell > 10.4.4.91.50608: Flags [.], ack 75, win 114, options [nop,nop,TS val 2501141008 ecr 168737839], length 0
    E..4..@.@.>. ... ..[....|.<.RP.~...r ...... ..b. ../
    --

The problem is that Graylog2 does not seem to accept this. I cannot see the source host within the sources list on the Graylog2 web interface or in any search result. I started the graylog2 daemon in debug mode and grepped for the source host name, IP and error messages, but I could not find anything that lets me know that Graylog is even receiving packets from that host.

Are there any ideas how to debug this?
