Hi Jochen,

After switching the receiver to 1514, and a reboot, the server is
receiving messages now.  However, when I change the user back to "graylog",
and restart, after about 1 minute, it crashes with 1000's of errors.
Switching back to root fixes it.  I think I should reload the server and app.

Thanks for all your help!
Jason

On Sun, Jan 22, 2017 at 9:51 PM, Jason Fuller <[email protected]>
wrote:

> Hi Jochen,
>
> Understand about the security implications.  Thank you for pointing out ;)
>
> On the receipt issue, yes, I'm sure there is not a network issue, on the
> graylog server I'm receiving the packet.  It's just not showing up in
> Graylog:
>
> [root@server]# tcpdump -nnvvi ens32 port 514
> tcpdump: listening on ens32, link-type EN10MB (Ethernet), capture size 65535 bytes
> 05:54:04.456723 IP (tos 0x0, ttl 64, id 8493, offset 0, flags [DF], proto UDP (17), length 127)
>     10.10.0.5.37136 > 10.10.0.64.514: [udp sum ok] SYSLOG, length: 99
>         Facility user (1), Severity info (6)
>         Msg: Jan 22 21:46:40 SERVER01 System Test message from Synology Syslog Client from (10.10.0.5)\0x0a
>         0x0000:  3c31 343e 4a61 6e20 3232 2032 313a 3436
>         0x0010:  3a34 3020 504e 4153 4148 3149 4e46 3031
>         0x0020:  2053 7973 7465 6d20 5465 7374 206d 6573
>         0x0030:  7361 6765 2066 726f 6d20 5379 6e6f 6c6f
>         0x0040:  6779 2053 7973 6c6f 6720 436c 6965 6e74
>         0x0050:  2066 726f 6d20 2831 302e 3230 382e 302e
>         0x0060:  3529 0a
> ^C
> 1 packet captured
> 1 packet received by filter
> 0 packets dropped by kernel
>
> Thank you for your help,
> Regards,
> Jason
>
>
> On Sun, Jan 22, 2017 at 8:02 PM, Jochen Schalanda <[email protected]>
> wrote:
>
>> On Sunday, 22 January 2017 12:54:20 UTC+1, Jochen Schalanda wrote:
>>>
>>> On Sunday, 22 January 2017 06:19:21 UTC+1, JayJay wrote:
>>>>
>>>> Changed user to root, restarted server, and the input is starting ok
>>>> now.
>>>>
>>>
>>> From a security perspective, that's a very bad idea and I'd recommend to
>>> use one of the other mechanisms described in the documentation:
>>> http://docs.graylog.org/en/2.1/pages/faq.html#how-can-i-start-an-input-on-a-port-below-1024
>>>
>>
>> The simplest thing would be to run the input on a port >1024 (e. g. 1514)
>> of course…
>>
>
>
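
An added example, not part of the thread and not Graylog code: a Python check that binds a UDP listener as the current user, sends it a syslog datagram over loopback, and decodes the PRI header into the facility and severity that tcpdump printed above. The function names, the loopback address and the sample message are constructed for illustration; the 1024 boundary is the Linux default for privileged ports.

```python
import re
import socket

PRIVILEGED_BELOW = 1024  # Linux default: binding below this needs root or CAP_NET_BIND_SERVICE

# Constructed sample modelled on the test message in the capture above.
SAMPLE = b"<14>Jan 22 21:46:40 SERVER01 System Test message from Synology Syslog Client\n"


def needs_privilege(port):
    """True if an unprivileged process normally cannot bind this port."""
    return 0 < port < PRIVILEGED_BELOW


def decode_pri(datagram):
    """Return (facility, severity) from the <PRI> header of a syslog datagram."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    if m is None or int(m.group(1)) > 191:
        raise ValueError("missing or invalid syslog PRI header")
    pri = int(m.group(1))
    return pri >> 3, pri & 0x07


def loopback_roundtrip(port=0, payload=SAMPLE, timeout=2.0):
    """Bind a UDP listener as the current user, send payload to it over
    loopback and return (bound_port, facility, severity). port=0 lets the
    kernel pick a free unprivileged port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.settimeout(timeout)
        rx.bind(("127.0.0.1", port))  # PermissionError here means the port needs privilege
        bound = rx.getsockname()[1]
        tx.sendto(payload, ("127.0.0.1", bound))
        data, _ = rx.recvfrom(65535)
    facility, severity = decode_pri(data)
    return bound, facility, severity


if __name__ == "__main__":
    for port in (514, 1514):
        try:
            print(port, "ok", loopback_roundtrip(port))
        except PermissionError:
            print(port, "permission denied for this user; privileged:", needs_privilege(port))
        except OSError as exc:  # e.g. port already in use by a running input
            print(port, "bind failed:", exc)
```

Run as the unprivileged service account, the 514 attempt is expected to be refused and the 1514 attempt to succeed, unless a running input already holds the port.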

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CAGUPOFt1Es%2BX1YigioxFFEVhLEwwSZhtosC8EZ0qho1A%3DtOeXw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
