Run Graylog as root or use iptables to redirect traffic bound for 514 to whatever port you've configured Graylog to collect syslog messages on.
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 514 -j REDIRECT --to-port 1514 -- Later, Darin On Fri, Jul 29, 2016 at 10:36 AM, Nathan Mace <[email protected]> wrote: > I'm looking to replace a small Splunk instance with Graylog. One of things > that sends logs into Splunk now is many remote field offices' worth of > routers and switches. All via UDP 514. I had originally thought once I got > everything configured I could simply shut down the Splunk server and assign > it's IP address to Graylog and be good to go. However all of those remote > devices are set to transmit on port 514, and I can't create an input on > Graylog for that port number (partially because it's in use by the systems > own syslog service and partially because I can't assign an input on a low > numbered port number). > > What are my options besides reconfiguring all of those switches and routers? > > Nathan > > -- > You received this message because you are subscribed to the Google Groups > "Graylog Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/graylog2/85ae7a83-52f1-423e-b4ab-acaed966de08%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CADaviKvmOCBxf7Pn%3Ds71uUYjEBAe-YYge8L5nr_x-k-5%2Be_DtA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
