Hi Jochen,
Understand about the security implications. Thank you for pointing out ;)
On the receipt issue, yes, I'm sure there is not a network issue, on the
graylog server I'm receiving the packet. It's just not showing up in
Graylog:
[root@server]# tcpdump -nnvvi ens32 port 514
tcpdump: listening on ens32, link-type EN10MB (Ethernet), capture size
65535 bytes
05:54:04.456723 IP (tos 0x0, ttl 64, id 8493, offset 0, flags [DF], proto
UDP (17), length 127)
10.10.0.5.37136 > 10.10.0.64.514: [udp sum ok] SYSLOG, length: 99
Facility user (1), Severity info (6)
Msg: Jan 22 21:46:40 SERVER01 System Test message from Synology
Syslog Client from (10.10.0.5)\0x0a
0x0000: 3c31 343e 4a61 6e20 3232 2032 313a 3436
0x0010: 3a34 3020 504e 4153 4148 3149 4e46 3031
0x0020: 2053 7973 7465 6d20 5465 7374 206d 6573
0x0030: 7361 6765 2066 726f 6d20 5379 6e6f 6c6f
0x0040: 6779 2053 7973 6c6f 6720 436c 6965 6e74
0x0050: 2066 726f 6d20 2831 302e 3230 382e 302e
0x0060: 3529 0a
^C
1 packet captured
1 packet received by filter
0 packets dropped by kernel
Thank you for your help,
Regards,
Jason
On Sun, Jan 22, 2017 at 8:02 PM, Jochen Schalanda <[email protected]>
wrote:
> On Sunday, 22 January 2017 12:54:20 UTC+1, Jochen Schalanda wrote:
>>
>> On Sunday, 22 January 2017 06:19:21 UTC+1, JayJay wrote:
>>>
>>> Changed user to root, restarted server, and the input is starting ok
>>> now.
>>>
>>
>> From a security perspective, that's a very bad idea and I'd recommend to
>> use one of the other mechanisms described in the documentation:
>> http://docs.graylog.org/en/2.1/pages/faq.html
>> #how-can-i-start-an-input-on-a-port-below-1024
>>
>
> The simplest thing would be to run the input on a port >1024 (e. g. 1514)
> of courseā¦
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Graylog Users" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/graylog2/1MF1mFj6EhQ/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> [email protected].
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/graylog2/df11f552-c742-4858-838f-ea1c74c02ced%40googlegroups.com
> <https://groups.google.com/d/msgid/graylog2/df11f552-c742-4858-838f-ea1c74c02ced%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/CAGUPOFt_V%3DNDPo_L8MU97oS_ACe0Rp3ptbotj9KbZ_U2EaDj2g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
