Hi Sam,
why would you try to send syslog messages directly into Elasticsearch on
port 9300, 9350, or 9200?
You have to create a syslog input in Graylog and send data there,
see
https://github.com/Graylog2/graylog-guide-syslog-linux/blob/master/README.md
for details.
Cheers,
Jochen
On Tuesda
Hi Sam,
it looks like there is no Syslog input running on port 5140 on this machine.
Cheers,
Jochen
On Tuesday, 16 August 2016 20:21:41 UTC+2, sam wrote:
>
> Hi Ha,
>
> below is the output for netstat -tulpen: where my graylog address is :
> 162.20.100.27
>
> Active Internet connections (only
Hi Sam,
don't take ports which are already in use. Your netstat output shows that
9300 is in use. 5140 was a good choice. You should investigate why the
graylog input does not listen on that port.
On 16.08.2016 9:36 PM, "sam" wrote:
> Ha,
>
>
> Now I did define a port in /etc//rsyslog.conf
Ha,
Now I did define a port in /etc//rsyslog.conf as
*.* @@162.20.100.27:9300
and my graylog server input as syslog_TCP with port 9300 and bind address:
162.20.100.27
My log is clear:
2016-08-16T15:17:13.831-04:00 WARN [NettyTransport] receiveBufferSize
(SO_RCVBUF) for input Sysl
Hi Sam,
you cannot capture anything if nothing is listening on that port. I guess
there is something wrong with your graylog input config. Maybe you should
have a look into the graylog log.
On 16.08.2016 9:04 PM, "sam" wrote:
> Hi Ha,
>
>
> below is the log from tcpdump
>
> tcpdump -i eth0 p
I am sorry Ha, actually I am new to this stuff and trying to get into this. I
am here with a lot of questions :)
Can you suggest any port that I can configure my graylog syslog_TCP
input with, and the rsyslog.conf input port, please?
Thank you
On Tuesday, August 16, 2016 at 11:57:31 AM UTC-7,
Hi Ha,
below is the log from tcpdump
tcpdump -i eth0 port 5140
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
0 packets captured
1 packets received by filter
0 packets dropped by kernel
Thank y
Hi Sam,
you can get your interface number with
ifconfig -a
you need the interface for the ip 162.20.100.27. Something like eth0, eth1.
So the command should look like
tcpdump -i eth0 port 5140
No, you cannot use port 16001 because it's in use. Maybe you should double
check your syslog input in gra
Hi Ha,
I am not able to use this one:
tcpdump -i ethX port 5140 where ;
tcpdump -i eth162.20.100.27 port 5140 (Can you please let me know whether
I am using the right one)
Can I use 16001 to configure syslog to receive the logs ???
Thank you Ha
On Tuesday, August 16, 2016 at 11:36:2
Hi Sam,
there is nothing on port 5140.
On 16.08.2016 8:21 PM, "sam" wrote:
> Hi Ha,
>
> below is the output for netstat -tulpen: where my graylog address is :
> 162.20.100.27
>
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address Foreign Address
Hi Ha,
below is the output for netstat -tulpen: where my graylog address is :
162.20.100.27
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address
State User Inode PID/Program name
tcp0 0 162.20.100.
Hi Sam
please make sure that graylog is listening on the right port.
give us the output for
netstat -tulpen
Please make sure that you are sending data on that port with
tcpdump -i ethX port 5140
Replace the x with your interface.
On 16.08.2016 6:53 AM, "sam" wrote:
>
> Hi Jason,
>
>
> G
Hi Jason,
Graylog is installed on a Linux server. I used the rpm package for installation
(graylog 2.0). Can you let me know the possible reasons?
Firewall on graylog server or client machine?
Thank you
On Monday, August 15, 2016 at 3:44:35 PM UTC-7, Jason Warnes wrote:
>
> It might be a fir
It might be a firewall on your graylog server. Without knowing what method
you used to install the graylog server it's hard to know for sure.
On Monday, August 15, 2016 at 12:46:02 AM UTC-6, sam wrote:
>
> Hi All,
>
> I am trying to send syslog messages into my graylog server. I configured
> t