Hi Sam, you can get your interface number with

ifconfig -a

You need the interface for the IP 162.20.100.27. Something like eth0, eth1. So the command should look like

tcpdump -i eth0 port 5140

No, you cannot use port 16001 because it's in use. Maybe you should double-check your syslog input in Graylog.

On 16.08.2016 8:44 PM, "sam" <[email protected]> wrote:

> Hi Ha,
>
> I am not able to use this one:
>
> tcpdump -i ethX port 5140 where ;
>
> tcpdump -i eth162.20.100.27 port 5140 (Can you please let me know whether
> I am using the right one)
>
> Can I use 16001 to configure syslog to receive the logs?
>
> Thank you Ha
>
> On Tuesday, August 16, 2016 at 11:36:29 AM UTC-7, Ha NN wrote:
>>
>> Hi Sam,
>>
>> there is nothing on port 5140.
>>
>> On 16.08.2016 8:21 PM, "sam" <[email protected]> wrote:
>>
>>> Hi Ha,
>>>
>>> below is the output for netstat -tulpen, where my graylog address is:
>>> 162.20.100.27
>>>
>>> Active Internet connections (only servers)
>>> Proto Recv-Q Send-Q Local Address                Foreign Address State  User Inode  PID/Program name
>>> tcp   0      0      162.20.100.27:16001          0.0.0.0:*       LISTEN 0    14422  1311/python
>>> tcp   0      0      127.0.0.1:27017              0.0.0.0:*       LISTEN 499  21667  2180/mongod
>>> tcp   0      0      0.0.0.0:22                   0.0.0.0:*       LISTEN 0    14409  1651/sshd
>>> tcp   0      0      ::ffff:162.20.100.27:12900   :::*            LISTEN 497  570097 30968/java
>>> tcp   0      0      ::ffff:127.0.0.1:9350        :::*            LISTEN 497  570036 30968/java
>>> tcp   0      0      ::1:9350                     :::*            LISTEN 497  570035 30968/java
>>> tcp   0      0      ::ffff:162.20.100.27:9000    :::*            LISTEN 497  569340 30968/java
>>> tcp   0      0      :::12201                     :::*            LISTEN 497  610172 30968/java
>>> tcp   0      0      ::ffff:127.0.0.1:9200        :::*            LISTEN 498  103819 25135/java
>>> tcp   0      0      ::1:9200                     :::*            LISTEN 498  103818 25135/java
>>> tcp   0      0      ::ffff:127.0.0.1:9300        :::*            LISTEN 498  103168 25135/java
>>> tcp   0      0      ::1:9300                     :::*            LISTEN 498  103791 25135/java
>>> tcp   0      0      :::22                        :::*            LISTEN 0    14411  1651/sshd
>>> udp   0      0      0.0.0.0:68                   0.0.0.0:*              0    13290  1594/dhclient
>>> udp   0      0      162.20.100.27:123            0.0.0.0:*              0    30140  2804/ntpd
>>> udp   0      0      127.0.0.1:123                0.0.0.0:*              0    30139  2804/ntpd
>>> udp   0      0      0.0.0.0:123                  0.0.0.0:*              0    30132  2804/ntpd
>>> udp   0      0      :::12201                     :::*                   497  611311 30968/java
>>> udp   0      0      fe80::20d:3aff:fe01:162b:123 :::*                   0    30142  2804/ntpd
>>> udp   0      0      ::1:123                      :::*                   0    30141  2804/ntpd
>>> udp   0      0      :::123                       :::*                   0    30133  2804/ntpd
>>>
>>> On Monday, August 15, 2016 at 11:14:42 PM UTC-7, Ha NN wrote:
>>>>
>>>> Hi Sam
>>>>
>>>> please make sure that graylog is listening on the right port.
>>>>
>>>> give us the output for
>>>>
>>>> netstat -tulpen
>>>>
>>>> Please make sure that you are sending data on that port with
>>>>
>>>> tcpdump -i ethX port 5140
>>>>
>>>> Replace the x with your interface.
>>>>
>>>> On 16.08.2016 6:53 AM, "sam" <[email protected]> wrote:
>>>> >
>>>> > Hi Jason,
>>>> >
>>>> > Graylog is installed on a Linux server. I used the rpm package for
>>>> > installation (graylog 2.0). Can you let me know the possible reasons.
>>>> >
>>>> > Firewall on graylog server or client machine?
>>>> >
>>>> > Thank you
>>>> >
>>>> > On Monday, August 15, 2016 at 3:44:35 PM UTC-7, Jason Warnes wrote:
>>>> >>
>>>> >> It might be a firewall on your graylog server. Without knowing what
>>>> >> method you used to install the graylog server it's hard to know for sure.
>>>> >>
>>>> >> On Monday, August 15, 2016 at 12:46:02 AM UTC-6, sam wrote:
>>>> >>>
>>>> >>> Hi All,
>>>> >>>
>>>> >>> I am trying to send syslog messages into my graylog server. I
>>>> >>> configured the IP address in the /etc/rsyslog.conf file, but I have
>>>> >>> issues in getting the logs to my graylog server.
>>>> >>>
>>>> >>> Can anyone of you help me with this please..!
>>>> >>>
>>>> >>> /etc/rsyslog.conf/
>>>> >>>
>>>> >>> *.* @graylog.ip.address:5140
>>>> >>>
>>>> >>> These settings are configured on the client server.
>>>> >>>
>>>> >>> Input configured in graylog server is:
>>>> >>> bind address : 0.0.0.0
>>>> >>> port : 5140
>>>> >>>
>>>> >>> Thank you
>>>> >>> Sam
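
The check the replies walk through by eye, as an added example that is not part of any message in the thread: read the protocol and port out of the rsyslog forwarding rule, then look for a socket bound to that protocol and port in `netstat -tulpen` output. The function names are hypothetical, the sample rows are copied from the netstat output quoted above, and the rule is assumed to name its port explicitly.

```shell
#!/bin/sh
# Added example: does anything listen where an rsyslog forwarding rule sends to?

# Constructed sample: four rows from the netstat output quoted in the thread,
# each on one line as netstat prints them.
SAMPLE_NETSTAT='tcp 0 0 162.20.100.27:16001 0.0.0.0:* LISTEN 0 14422 1311/python
tcp 0 0 :::12201 :::* LISTEN 497 610172 30968/java
udp 0 0 :::12201 :::* 497 611311 30968/java
udp 0 0 0.0.0.0:123 0.0.0.0:* 0 30132 2804/ntpd'

# forward_target RULE: print "proto host port" for a forwarding rule.
# rsyslog sends "@host:port" over UDP and "@@host:port" over TCP.
# Assumption: the rule names its port explicitly.
forward_target() {
    printf '%s\n' "$1" | awk '{
        t = $NF; proto = "udp"
        if (t !~ /^@/) exit 1            # not a forwarding action
        if (t ~ /^@@/) proto = "tcp"
        sub(/^@+/, "", t)
        n = split(t, a, ":")             # port follows the last colon
        if (n < 2) exit 1                # no port given
        print proto, substr(t, 1, length(t) - length(a[n]) - 1), a[n]
    }'
}

# listener_for PROTO PORT: read netstat rows on stdin and print
# "local-address program" for each socket bound to PORT; status 1 if none.
listener_for() {
    awk -v proto="$1" -v port="$2" '
        index($1, proto) == 1 {          # "tcp" also matches "tcp6"
            n = split($4, a, ":")        # last field after ":" is the port (IPv6-safe)
            if (a[n] == port) { print $4, $NF; found = 1 }
        }
        END { exit (found ? 0 : 1) }'
}

# check_rule RULE: read netstat rows on stdin; print "ok" or
# "no-listener proto/port" for the rule's target.
check_rule() {
    target=$(forward_target "$1") || { echo "not-a-forward-rule"; return 2; }
    set -- $target
    if listener_for "$1" "$3" >/dev/null; then echo "ok"
    else echo "no-listener $1/$3"; fi
}
```

On the Graylog host, `netstat -tulpen | check_rule '*.* @graylog.ip.address:5140'` runs the same check on live output. `listener_for` prints the bound address as well, because a socket bound only to 127.0.0.1 will not receive traffic from a remote client.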
