Hi Ha,
below is the log fro tcpdumb tcpdump -i eth0 port 5140 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 0 packets captured 1 packets received by filter 0 packets dropped by kernel Thank you On Tuesday, August 16, 2016 at 11:57:31 AM UTC-7, Ha NN wrote: > > Hi Sam, > > you can get your interface number with > > ifconfig -a > > you need the interface for the ip 162.20.100.27. Something like eth0, > eth1. So the command should look like > > tcpdump -i eth0 port 5140 > > No you cannot use port 16001 because its in use. Mby you should double > check your syslog input in graylog. > > Am 16.08.2016 8:44 nachm. schrieb "sam" <[email protected] <javascript:>>: > >> Hi Ha, >> >> I cant able to use this one : >> >> tcpdump -i ethX port 5140 where ; >> >> >> tcpdump -i eth162.20.100.27 port 5140 (Can you please let me know >> whether I am using the right one) >> >> >> Can I use 16001 to configure syslog to receive the logs ??? >> >> Thank you Ha >> >> >> >> >> On Tuesday, August 16, 2016 at 11:36:29 AM UTC-7, Ha NN wrote: >>> >>> Hi Sam, >>> >>> there is nothing on port 5140. >>> >>> Am 16.08.2016 8:21 nachm. schrieb "sam" <[email protected]>: >>> >>>> Hi Ha, >>>> >>>> below is the output for netstat -tulpen: where my graylog address is >>>> : 162.20.100.27 >>>> >>>> Active Internet connections (only servers) >>>> Proto Recv-Q Send-Q Local Address Foreign Address >>>> State User Inode PID/Program name >>>> tcp 0 0 162.20.100.27:16001 0.0.0.0:* >>>> LISTEN 0 14422 1311/python >>>> tcp 0 0 127.0.0.1:27017 0.0.0.0:* >>>> LISTEN 499 21667 2180/mongod >>>> tcp 0 0 0.0.0.0:22 0.0.0.0:* >>>> LISTEN 0 14409 1651/sshd >>>> tcp 0 0 ::ffff:162.20.100.27:12900 :::* >>>> LISTEN 497 570097 30968/java >>>> tcp 0 0 ::ffff:127.0.0.1:9350 :::* >>>> LISTEN 497 570036 30968/java >>>> tcp 0 0 ::1:9350 :::* >>>> LISTEN 497 570035 30968/java >>>> tcp 0 0 ::ffff:162.20.100.27:9000 :::* >>>> LISTEN 497 569340 30968/java >>>> tcp 0 0 :::12201 :::* >>>> LISTEN 497 610172 30968/java >>>> tcp 0 0 ::ffff:127.0.0.1:9200 :::* >>>> LISTEN 498 103819 25135/java >>>> tcp 0 0 ::1:9200 :::* >>>> LISTEN 498 103818 25135/java >>>> tcp 0 0 ::ffff:127.0.0.1:9300 :::* >>>> LISTEN 498 103168 25135/java >>>> tcp 0 0 ::1:9300 :::* >>>> LISTEN 498 103791 25135/java >>>> tcp 0 0 :::22 :::* >>>> LISTEN 0 14411 1651/sshd >>>> udp 0 0 0.0.0.0:68 0.0.0.0:* >>>> 0 13290 1594/dhclient >>>> udp 0 0 162.20.100.27:123 0.0.0.0:* >>>> 0 30140 2804/ntpd >>>> udp 0 0 127.0.0.1:123 0.0.0.0:* >>>> 0 30139 2804/ntpd >>>> udp 0 0 0.0.0.0:123 0.0.0.0:* >>>> 0 30132 2804/ntpd >>>> udp 0 0 :::12201 :::* >>>> 497 611311 30968/java >>>> udp 0 0 fe80::20d:3aff:fe01:162b:123 :::* >>>> 0 30142 2804/ntpd >>>> udp 0 0 ::1:123 :::* >>>> 0 30141 2804/ntpd >>>> udp 0 0 :::123 :::* >>>> 0 30133 2804/ntpd >>>> >>>> >>>> >>>> >>>> >>>> On Monday, August 15, 2016 at 11:14:42 PM UTC-7, Ha NN wrote: >>>>> >>>>> Hi Sam >>>>> >>>>> please make sure that graylog is listening on the right port. >>>>> >>>>> give us the output for >>>>> >>>>> netstat -tulpen >>>>> >>>>> Please make sure that you are sending data on that port with >>>>> >>>>> tcpdump -i ethX port 5140 >>>>> >>>>> Replace the x with your interface. >>>>> >>>>> Am 16.08.2016 6:53 vorm. schrieb "sam" <[email protected]>: >>>>> > >>>>> > Hi Jason, >>>>> > >>>>> > >>>>> > Graylog is installed in linux server. I used rpm package for >>>>> installation. (graylog 2.0) . Can you let me know the possible reasons. >>>>> > >>>>> > >>>>> > Firewall on graylog server or client machine? >>>>> > >>>>> > >>>>> > >>>>> > Thank you >>>>> > >>>>> > >>>>> > On Monday, August 15, 2016 at 3:44:35 PM UTC-7, Jason Warnes wrote: >>>>> >> >>>>> >> It might be a firewall on your graylog server. Without knowing >>>>> what method you used to install the graylog server it's hard to know for >>>>> sure. >>>>> >> >>>>> >> >>>>> >> On Monday, August 15, 2016 at 12:46:02 AM UTC-6, sam wrote: >>>>> >>> >>>>> >>> Hi All, >>>>> >>> >>>>> >>> I am trying to send syslog messages into my graylog server. I >>>>> configured the ip address in /etc/rsyslog.conf file, I have issues in >>>>> getting the logs to my graylog server. >>>>> >>> >>>>> >>> >>>>> >>> Can anyone of you help me from this please..! >>>>> >>> >>>>> >>> /etc/rsyslog.conf/ >>>>> >>> >>>>> >>> >>>>> >>> >>>>> >>> *.* @graylog.ip.address:5140 >>>>> >>> >>>>> >>> This settings are configured in client server, >>>>> >>> >>>>> >>> >>>>> >>> Input configure in graylog server is : >>>>> >>> bind address : 0.0.0.0 >>>>> >>> port : 5140 >>>>> >>> >>>>> >>> >>>>> >>> >>>>> >>> Thank you >>>>> >>> Sam >>>>> >>> >>>>> > -- >>>>> > You received this message because you are subscribed to the Google >>>>> Groups "Graylog Users" group. >>>>> > To unsubscribe from this group and stop receiving emails from it, >>>>> send an email to [email protected]. >>>>> > To view this discussion on the web visit >>>>> https://groups.google.com/d/msgid/graylog2/7447055d-cb6e-4ae0-bd7b-9fb4aadad414%40googlegroups.com >>>>> . >>>>> > >>>>> > For more options, visit https://groups.google.com/d/optout. >>>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Graylog Users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/graylog2/39594c4d-9b76-4c11-8d53-83fed2c02a4e%40googlegroups.com >>>> >>>> <https://groups.google.com/d/msgid/graylog2/39594c4d-9b76-4c11-8d53-83fed2c02a4e%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Graylog Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/graylog2/dcb967d3-8968-40b1-9a06-3ba4b6e323e3%40googlegroups.com >> >> <https://groups.google.com/d/msgid/graylog2/dcb967d3-8968-40b1-9a06-3ba4b6e323e3%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/de97955d-7c7d-4eac-8364-03d7c06fc042%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
