I'm running tcpdumps (tcpdump -v -i eth0 port 514) on outputs from Graylog to a remote log service:

my.graylog.server.41166 > other.log.service:Flags [.], cksum 0x637c (incorrect -> 0x27cf), ack 1, win 229, options [nop,nop,TS val 191729014 ecr 971588430], length 0

Some responses from this service look like this:

other.log.service: Flags [S.], cksum 0xc1b0 (correct), seq 2112645986, ack 2163394437, win 14480, options [mss 1380,sackOK,TS val 971588430 ecr 191729005,nop,wscale 7], length 0
11:47:40.860692 IP (tos 0x0, ttl 64, id 19178, offset 0, flags [DF], proto TCP (6), length 52)

I'm able to see full messages inbound on the same port, but not these. Something seems amiss -- should I expect to see my output messages here, or is what I'm seeing "normal"?

Thanks
