Normally port 514 is blocked by SELinux, so you have to redirect port. You can do this like this: iptables -t nat -A PREROUTING -p UDP -m udp --dport 514 -j REDIRECT --to-ports 5514
Of course then you have to run graylog input at 5514 port. If still input is not visible, check tich tcpdump port 5514. W dniu poniedziałek, 14 marca 2016 23:07:41 UTC+1 użytkownik pleomax mr napisał: > > Hi all, > > I have a linux server with "shd01vbld01:8080" . I want to access logs > from this linux server into graylog . I made some config changes to file > "/etc/rsyslog.conf" by adding > " *.* @graylog.example.org:514;RSYSLOG_SyslogProtocol23Format" > > > Where graylog.example.org is the IP Address of my graylog server I > provided. > > > And then I restaretd the rsyslog; > > Then I created input syslog_UDP. But I didn't find any logs coming from my > linux server?? > > DO we need to provide bind address and port of linux server in graylog > when we create input or else the same default bind address (0.0.0.0) and > port (514) are fine to see the logs in server. > > > CAn you please tell me when am I going wrong in this. > > > Thank you > Sam > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/ff75d570-80ba-48a8-8230-53355cbc2bd5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
