*I have had the following setup working perfectly: * proxmox hypervisor => sending logs via rsyslog UDP port 514 proxmox LXC guest1 => sending logs via rsyslog UDP port 514 proxmox LXC guest2 => sending logs via rsyslog UDP port 514 proxmox LXC guest3 => sending logs via rsyslog UDP port 514 proxmox *KVM *guest4 <= receiving all those logs into graylog2 alpha5
*Now I decided to get rid of the KVM virtual machine and install graylog2 beta1 into a LXC container* *NEW situation:* proxmox hypervisor => sending logs via rsyslog UDP port 5140 proxmox LXC guest1 => sending logs via rsyslog UDP port 5140 proxmox LXC guest2 => sending logs via rsyslog UDP port 5140 proxmox LXC guest3 => sending logs via rsyslog UDP port 5140 proxmox *LXC* guest4 <= *receiving all all logs except guest1 into graylog2 alpha5* *All that changed was the port, from 514 to 5140. **So the problem is one specific machine seems to cannot send its logs. **The only thing I find in its logs is inside /var/log/messages * Mar 31 08:09:01 guest1 kernel: [598568.887604] IPv4: martian source LXC-guest4-IP from LXC-guest1-IP, on dev eth0 How can I debug this situation? I allowed the port 5140 in the firewall, even stopped and flushed the firewall. The problem must be with the LXC guest1 machine as all others are sending fine. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/9dc39cda-1b07-41d6-b8d8-dd14ec0482a6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
