Serilog Graylog cannot log in Graylog

Question

I am new to graylog. I cannot log into graylog. When I do a search for the message, I look for source:xxx-yyy or just a keyword test9999, look for all the latest logs, my message is not there. What could I be doing wrong?

Server name and port are correct.

LoggerConfiguration loggerConfiguration = new LoggerConfiguration();
         
         loggerConfiguration
            .Enrich.FromLogContext()
            .Enrich.WithProperty("source", "xxx-yyy")
            .Enrich.WithProperty("test", "test9999");

         loggerConfiguration.WriteTo.Graylog(new GraylogSinkOptions
         {
            HostnameOrAddress = "server",
            Port = 12201,
            TransportType = TransportType.Udp,
            MinimumLogEventLevel = LogEventLevel.Information,
            Facility = "local2",
            ShortMessageMaxLength = 12000,
            StackTraceDepth = 10,
            MessageGeneratorType = MessageIdGeneratorType.Timestamp
         });



Stream Rules
Stream ZZZ
Must match at least one of the 4 configured stream rules.
source must match exactly xxx-yyy
...


Local inputs
    gelfUDP GELF UDP RUNNING
    On node  0cee9b17 / server
    bind_address: 0.0.0.0
    decompress_size_limit: 8388608
    number_worker_threads: 32
    override_source: <empty>
    port: 12201
    recv_buffer_size: 1048576

Packages

  <package id="Serilog" version="2.10.0" targetFramework="net461" />
  <package id="Serilog.Sinks.Graylog" version="2.2.1" targetFramework="net461" />
  <package id="Serilog.Sinks.Graylog.Extended" version="1.0.1" targetFramework="net461" />

score 2 · Accepted Answer · answered Nov 05 '20 at 18:18

2

The problem was the Stream was not setup in the server. So the solution was to setup a stream with a certain rule (that I had to add a field for), and I had to be allowed to access this stream.

answered Nov 05 '20 at 18:18

live-love

48,840
22
240
204

It's too bad you didn't illustrate how to do this. – Jim Raden Jul 20 '23 at 23:07

Jamal Mahmoudi · Answer 2 · 2023-03-20T17:11:41.150

In my opinion, you should first make sure that the desired port is open, and then generate an independent log with the following commands.

For Windows :

C:\> EVENTCREATE /T ERROR /ID 1000 /L APPLICATION /D "My application error mesaage"

For Linux :

# logger -s "This is a test message"

and but next with command below on server graylog check for receive logs

#tcpdump host <IP>  and port 5514 -vv

Search the generated logs in the search bar section and make sure that the logs are received of the Specified port

Serilog Graylog cannot log in Graylog

2 Answers2