
I have Graylog2 v0.9.6 installed; its syslog server is listening on UDP port 33000. Below is its configuration:

# On which port (UDP) should we listen for Syslog messages? (Standard: 514)
syslog_listen_port = 33000
syslog_protocol = udp

# ElasticSearch URL (default: http://localhost:9200/)
elasticsearch_url = http://localhost:9200/
elasticsearch_index_name = graylog2

# Always try a reverse DNS lookup instead of parsing hostname from syslog message?
force_syslog_rdns = false

# MongoDB Configuration
mongodb_useauth = false
mongodb_user = grayloguser
mongodb_password = 123
mongodb_host = localhost
#mongodb_replica_set = localhost:27017,localhost:27018,localhost:27019
mongodb_database = graylog2
mongodb_port = 30000

There are no errors in the graylog2 server, and I have verified using netstat that the syslog server is listening on the configured port.

Using the Unix utility nc, I tried to send messages to it, but they don't show up in the Graylog2 GUI.

I tried the following command:

nc -u 127.0.0.1 33000 < cron.1

Where cron.1 is a log file containing messages emitted by the cron jobs.

What am I missing? Where can I check whether graylog2 has accepted the messages? Why aren't they showing up in the GUI?

Please help,

Hussain

Hussain Pirosha

1 Answer


Your netcat command is not emulating syslog at all, because it sends the whole file, which is most likely not in syslog format either.

b0ti
  • Thanks b0ti, you are correct. The log messages did not have the priority field in them, and when they reached the graylog syslog server it failed to parse them. – Hussain Pirosha Mar 13 '13 at 08:08
  • Running the following command, I was able to submit syslog messages to Graylog: echo "<10>Mar 31 22:44:09 This message was sent to local7.emerg (0)" > /dev/udp/192.168.64.133/33000 – Hussain Pirosha Mar 13 '13 at 08:16
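
The fix described in the answer and comments above, generalized as an added example (not part of the original thread): each line of a plain log file gets the `<PRI>` field, plus a timestamp and hostname if those are missing too, and is sent as its own UDP datagram. The function names and the default of cron.info (facility 9, severity 6) are assumptions; the `/dev/udp` redirect requires bash.

```shell
#!/usr/bin/env bash
# Added example: frame plain log lines as RFC 3164 syslog messages and send
# each one as its own UDP datagram. Function names are hypothetical.

# PRI = facility * 8 + severity (facility 0-23, severity 0-7).
syslog_pri() {
    for n in "$1" "$2"; do
        case $n in ''|*[!0-9]*) return 1 ;; esac
    done
    [ "$1" -le 23 ] && [ "$2" -le 7 ] || return 1
    echo $(( $1 * 8 + $2 ))
}

# True if the line already starts with a <PRI> field.
has_pri() {
    case $1 in
        '<'[0-9]'>'*|'<'[0-9][0-9]'>'*|'<'[0-9][0-9][0-9]'>'*) return 0 ;;
    esac
    return 1
}

# True if the line starts with an RFC 3164 timestamp ("Mmm dd hh:mm:ss ").
has_timestamp() {
    t='[0-9][0-9]:[0-9][0-9]:[0-9][0-9]'
    case $1 in
        [A-Z][a-z][a-z]' '[0-9][0-9]' '$t' '*) return 0 ;;  # Mar 13 08:00:01
        [A-Z][a-z][a-z]'  '[0-9]' '$t' '*)     return 0 ;;  # Mar  3 08:00:01
    esac
    return 1
}

# frame_line PRI NOW HOST LINE -> prints one syslog message, no newline.
frame_line() {
    if has_pri "$4"; then printf '%s' "$4"                   # already framed
    elif has_timestamp "$4"; then printf '<%s>%s' "$1" "$4"  # only PRI missing
    else printf '<%s>%s %s %s' "$1" "$2" "$3" "$4"           # add full header
    fi
}

# send_file FILE HOST PORT [FACILITY] [SEVERITY]; default cron.info (9, 6).
send_file() {
    pri=$(syslog_pri "${4:-9}" "${5:-6}") || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        frame_line "$pri" "$(LC_ALL=C date '+%b %e %H:%M:%S')" "$(hostname)" \
            "$line" > "/dev/udp/$2/$3"   # bash-only path, one datagram per line
    done < "$1"
}
# Usage: send_file cron.1 127.0.0.1 33000
```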