Hi Ha,
below is the log fro tcpdumb tcpdump -i eth0 port 5140 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 0 packets captured 1 packets received by filter 0 packets dropped by kernel Thank you On Tuesday, August 16, 2016 at 11:57:31 AM UTC-7, Ha NN wrote: > > Hi Sam, > > you can get your interface number with > > ifconfig -a > > you need the interface for the ip 162.20.100.27. Something like eth0, > eth1. So the command should look like > > tcpdump -i eth0 port 5140 > > No you cannot use port 16001 because its in use. Mby you should double > check your syslog input in graylog. > > Am 16.08.2016 8:44 nachm. schrieb "sam" <mrpl...@gmail.com <javascript:>>: > >> Hi Ha, >> >> I cant able to use this one : >> >> tcpdump -i ethX port 5140 where ; >> >> >> tcpdump -i eth162.20.100.27 port 5140 (Can you please let me know >> whether I am using the right one) >> >> >> Can I use 16001 to configure syslog to receive the logs ??? >> >> Thank you Ha >> >> >> >> >> On Tuesday, August 16, 2016 at 11:36:29 AM UTC-7, Ha NN wrote: >>> >>> Hi Sam, >>> >>> there is nothing on port 5140. >>> >>> Am 16.08.2016 8:21 nachm. schrieb "sam" <mrpl...@gmail.com>: >>> >>>> Hi Ha, >>>> >>>> below is the output for netstat -tulpen: where my graylog address is >>>> : 162.20.100.27 >>>> >>>> Active Internet connections (only servers) >>>> Proto Recv-Q Send-Q Local Address Foreign Address >>>> State User Inode PID/Program name >>>> tcp 0 0 162.20.100.27:16001 0.0.0.0:* >>>> LISTEN 0 14422 1311/python >>>> tcp 0 0 127.0.0.1:27017 0.0.0.0:* >>>> LISTEN 499 21667 2180/mongod >>>> tcp 0 0 0.0.0.0:22 0.0.0.0:* >>>> LISTEN 0 14409 1651/sshd >>>> tcp 0 0 ::ffff:162.20.100.27:12900 :::* >>>> LISTEN 497 570097 30968/java >>>> tcp 0 0 ::ffff:127.0.0.1:9350 :::* >>>> LISTEN 497 570036 30968/java >>>> tcp 0 0 ::1:9350 :::* >>>> LISTEN 497 570035 30968/java >>>> tcp 0 0 ::ffff:162.20.100.27:9000 :::* >>>> LISTEN 497 569340 30968/java >>>> tcp 0 0 :::12201 :::* >>>> LISTEN 497 610172 30968/java >>>> tcp 0 0 ::ffff:127.0.0.1:9200 :::* >>>> LISTEN 498 103819 25135/java >>>> tcp 0 0 ::1:9200 :::* >>>> LISTEN 498 103818 25135/java >>>> tcp 0 0 ::ffff:127.0.0.1:9300 :::* >>>> LISTEN 498 103168 25135/java >>>> tcp 0 0 ::1:9300 :::* >>>> LISTEN 498 103791 25135/java >>>> tcp 0 0 :::22 :::* >>>> LISTEN 0 14411 1651/sshd >>>> udp 0 0 0.0.0.0:68 0.0.0.0:* >>>> 0 13290 1594/dhclient >>>> udp 0 0 162.20.100.27:123 0.0.0.0:* >>>> 0 30140 2804/ntpd >>>> udp 0 0 127.0.0.1:123 0.0.0.0:* >>>> 0 30139 2804/ntpd >>>> udp 0 0 0.0.0.0:123 0.0.0.0:* >>>> 0 30132 2804/ntpd >>>> udp 0 0 :::12201 :::* >>>> 497 611311 30968/java >>>> udp 0 0 fe80::20d:3aff:fe01:162b:123 :::* >>>> 0 30142 2804/ntpd >>>> udp 0 0 ::1:123 :::* >>>> 0 30141 2804/ntpd >>>> udp 0 0 :::123 :::* >>>> 0 30133 2804/ntpd >>>> >>>> >>>> >>>> >>>> >>>> On Monday, August 15, 2016 at 11:14:42 PM UTC-7, Ha NN wrote: >>>>> >>>>> Hi Sam >>>>> >>>>> please make sure that graylog is listening on the right port. >>>>> >>>>> give us the output for >>>>> >>>>> netstat -tulpen >>>>> >>>>> Please make sure that you are sending data on that port with >>>>> >>>>> tcpdump -i ethX port 5140 >>>>> >>>>> Replace the x with your interface. >>>>> >>>>> Am 16.08.2016 6:53 vorm. schrieb "sam" <mrpl...@gmail.com>: >>>>> > >>>>> > Hi Jason, >>>>> > >>>>> > >>>>> > Graylog is installed in linux server. I used rpm package for >>>>> installation. (graylog 2.0) . Can you let me know the possible reasons. >>>>> > >>>>> > >>>>> > Firewall on graylog server or client machine? >>>>> > >>>>> > >>>>> > >>>>> > Thank you >>>>> > >>>>> > >>>>> > On Monday, August 15, 2016 at 3:44:35 PM UTC-7, Jason Warnes wrote: >>>>> >> >>>>> >> It might be a firewall on your graylog server. Without knowing >>>>> what method you used to install the graylog server it's hard to know for >>>>> sure. >>>>> >> >>>>> >> >>>>> >> On Monday, August 15, 2016 at 12:46:02 AM UTC-6, sam wrote: >>>>> >>> >>>>> >>> Hi All, >>>>> >>> >>>>> >>> I am trying to send syslog messages into my graylog server. I >>>>> configured the ip address in /etc/rsyslog.conf file, I have issues in >>>>> getting the logs to my graylog server. >>>>> >>> >>>>> >>> >>>>> >>> Can anyone of you help me from this please..! >>>>> >>> >>>>> >>> /etc/rsyslog.conf/ >>>>> >>> >>>>> >>> >>>>> >>> >>>>> >>> *.* @graylog.ip.address:5140 >>>>> >>> >>>>> >>> This settings are configured in client server, >>>>> >>> >>>>> >>> >>>>> >>> Input configure in graylog server is : >>>>> >>> bind address : 0.0.0.0 >>>>> >>> port : 5140 >>>>> >>> >>>>> >>> >>>>> >>> >>>>> >>> Thank you >>>>> >>> Sam >>>>> >>> >>>>> > -- >>>>> > You received this message because you are subscribed to the Google >>>>> Groups "Graylog Users" group. >>>>> > To unsubscribe from this group and stop receiving emails from it, >>>>> send an email to graylog2+u...@googlegroups.com. >>>>> > To view this discussion on the web visit >>>>> https://groups.google.com/d/msgid/graylog2/7447055d-cb6e-4ae0-bd7b-9fb4aadad414%40googlegroups.com >>>>> . >>>>> > >>>>> > For more options, visit https://groups.google.com/d/optout. >>>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Graylog Users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to graylog2+u...@googlegroups.com. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/graylog2/39594c4d-9b76-4c11-8d53-83fed2c02a4e%40googlegroups.com >>>> >>>> <https://groups.google.com/d/msgid/graylog2/39594c4d-9b76-4c11-8d53-83fed2c02a4e%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Graylog Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to graylog2+u...@googlegroups.com <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/graylog2/dcb967d3-8968-40b1-9a06-3ba4b6e323e3%40googlegroups.com >> >> <https://groups.google.com/d/msgid/graylog2/dcb967d3-8968-40b1-9a06-3ba4b6e323e3%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/de97955d-7c7d-4eac-8364-03d7c06fc042%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
