No messages.

TEst2 Raw/Plaintext UDP 1 RUNNING
- bind_address: 0.0.0.0
- override_source: <empty>
- port: 50516
- recv_buffer_size: 262144

Throughput / Metrics
1 minute average rate: 0 msg/s
Network IO: 0B 0B (total: 0B 0B )
Empty messages discarded: 0

On Tuesday, 22 November 2016 17:01:18 UTC+3, Jochen Schalanda wrote:
>
> Hi,
>
> please try using a Raw/Plaintext UDP input instead of the Syslog input and
> check the incoming messages.
>
> Cheers,
> Jochen
>
> On Tuesday, 22 November 2016 13:40:23 UTC+1, SancheZZS wrote:
>>
>> Hi all!
>> I have an issue with inputs and the Snort syslog stream.
>>
>> The syslog stream is generated by
>>
>> $template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n"
>> local5.alert @10.8.1.74:50515;GRAYLOGRFC5424
>>
>>
>> tcpdump shows all packets on the Graylog server
>>
>> # tcpdump -ni ens3 port 50515
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
>> 15:33:57.322608 IP 10.11.108.251.39605 > 10.8.1.74.50515: UDP, length 227
>> 15:33:57.355921 IP 10.11.108.251.39605 > 10.8.1.74.50515: UDP, length 240
>> 15:33:57.591771 IP 10.11.108.251.39605 > 10.8.1.74.50515: UDP, length 240
>> 15:33:57.599199 IP 10.11.108.251.39605 > 10.8.1.74.50515: UDP, length 241
>> 15:33:57.708689 IP 10.11.108.251.39605 > 10.8.1.74.50515: UDP, length 240
>> 15:33:58.202035 IP 10.11.108.251.39605 > 10.8.1.74.50515: UDP, length 240
>>
>>
>> But Graylog does not show any messages
>>
>> Snort Eth3 (Syslog UDP)
>>
>> override_source:
>> recv_buffer_size: 524288
>> allow_override_date: true
>> bind_address: 0.0.0.0
>> port: 50515
>> store_full_message: true
>>
>> Throughput / Metrics
>> 1 minute average rate: 0 msg/s
>> Network IO: 0B 0B (total: 0B 0B )
>>
>> I tried several Graylog versions (1.2.2, 2.0.x, 2.1.x)
>>
>> What am I missing?
>> Any and all suggestions are welcome.
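When packets reach the host but the input counts 0 msg/s, the next check is whether the datagrams actually carry what the input expects. The script below is an added diagnostic, not code from the thread or from Graylog: it parses a datagram against the RFC 5424 header layout that the GRAYLOGRFC5424 template emits and reports why a strict receiver would reject it; the sample message, the hostname "sensor1" and the alert text are constructed, and the listener assumes the Graylog input on that port is stopped first.

```python
"""Check whether UDP datagrams match the RFC 5424 layout produced by
the GRAYLOGRFC5424 rsyslog template. Added example, not part of the post."""
import re
import socket
import sys

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<app>\S+) (?P<procid>\S+) "
    r"(?P<msgid>\S+) (?P<sd>-|\[.*?\])(?: (?P<msg>.*))?$",
    re.DOTALL,
)


def parse_rfc5424(datagram: bytes) -> dict:
    """Return the parsed header fields, or a dict with an 'error' key that
    says why a strict RFC 5424 receiver would drop the datagram."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\n")
    m = HEADER_RE.match(text)
    if not m:
        return {"error": "header does not match RFC 5424 layout", "raw": text[:80]}
    fields = m.groupdict()
    pri = int(fields["pri"])
    if pri > 191:  # 23 facilities * 8 severities - 1
        return {"error": f"PRI {pri} out of range (max 191)", "raw": text[:80]}
    if fields["version"] != "1":
        return {"error": f"unexpected PROTOCOL-VERSION {fields['version']}", "raw": text[:80]}
    fields["facility"], fields["severity"] = divmod(pri, 8)
    return fields


def listen(port: int, bind_address: str = "0.0.0.0") -> None:
    """Bind to the input's UDP port (stop the Graylog input first, or the
    bind fails) and print the parse result for every datagram received."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_address, port))
        while True:
            data, (src, _) = sock.recvfrom(65535)
            print(src, parse_rfc5424(data))


# Constructed sample: local5.alert is facility 21, severity 1, so PRI = 21*8+1 = 169.
SAMPLE = (b"<169>1 2016-11-22T15:33:57.322608+03:00 sensor1 snort 1234 - - "
          b"[1:1000001:1] constructed test alert\n")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        listen(int(sys.argv[1]))   # e.g. python3 check5424.py 50515
    else:
        print(parse_rfc5424(SAMPLE))
```

A datagram that parses here but still does not appear in Graylog points at the input or the pipeline rather than at rsyslog; one that fails to parse shows which header field the template is getting wrong.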
