[graylog2] Re: Cannot see messages in Graylog

[Jochen Schalanda]

Hi Beth,

GELF via TCP works a little different from GELF via UDP on a transport 
protocol level.

Please try the following configuration for nxlog (see the different 
OutputType):


<Output out>
   Module om_tcp
   Host 147.xx.xx.xxx
   Port 12205
   OutputType GELF_TCP
   Exec file_write("C:\\Program Files 
(x86)\\nxlog\\data\\nxlog_output.log", $raw_event);
</Output>



Cheers,
Jochen

On Saturday, 23 April 2016 00:47:36 UTC+2, OlyLady wrote:
>
> I have configured a GELF TCP source in Graylog. I have one Windows 10 box 
> sending to the Graylog server using nxlog. I can see successful connections 
> in the nxlog logs.  From the Graylog Inputs screen it is showing messages 
> coming in, around 4 messages per second.  This is about right for this 
> source.  When I click on the Show Received Messages, I don't see any 
> messages, however. When I configure the source to send with GELF UDP, I can 
> see the messages no problem.  I have no idea why I can't get TCP to work. 
>  Below are some of my configs.
>
> nxlog set for *TCP *output and I do not see the messages in Graylog:
>
> <Output graylog>
>     Module      om_tcp
>     Host        147.xx.xx.xxx          (I am not revealing my true IP)
>     Port        12205
>     OutputType    GELF
>     Exec file_write("C:\\Program Files 
> (x86)\\nxlog\\data\\nxlog_output.log", $raw_event);
> </Output>
>
> nxlog set for *UDP *output and I do see the messages in Graylog:
>
> <Output graylog>
>     Module      om_udp
>     Host        147.xx.xx.xxx
>     Port        12201
>     OutputType    GELF
>     Exec file_write("C:\\Program Files 
> (x86)\\nxlog\\data\\nxlog_output.log", $raw_event);
> </Output>
>
> Graylog GELF UDP source and I can see messages:
>
>
>    - override_source:
>    - recv_buffer_size: 1048576
>    - bind_address: 0.0.0.0
>    - port: 12201
>
> Graylog GELF TCP source and I can see traffic on the Inputs screen but see 
> nothing when I click on Show Received Messages:
>
>
>    - recv_buffer_size: 1048576
>    - port: 12205
>    - tls_key_file: username
>    - tls_key_password: *******
>    - use_null_delimiter: true
>    - tls_client_auth_cert_file:
>    - max_message_size: 2097152
>    - tls_client_auth: optional
>    - override_source:
>    - bind_address: 0.0.0.0
>    - tls_cert_file:
>
> Any help would be appreciated.
>
> Beth
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/fd655166-6d9b-466d-97aa-d4cabb88143d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.