Confirmation that I am getting data with UDP syslog listening on 1514: http://imgur.com/a/VjESi. I have another VM which is running rsyslog and pushing messages to the graylog2 server via this doc: https://marketplace.graylog.org/addons/a47beb3b-0bd9-4792-a56a-33b27b567856
One thing I also did on the graylog server was an iptables redirect from 514 to 1514 (the UDP syslog input), since I have some devices that may have to use 514 only, and I'd like to keep the client inbound connectivity to graylog standard on 514 TCP/UDP.
tcpdump on the rsyslog client system confirms the messages are being pushed to the graylog2 server in the aforementioned RFC format:
http://i.imgur.com/FnV4eBk.png
And tcpdumping on the graylog server also shows packets are being received and forwarded to 1514.
Any ideas? Should I just try TCP?
EDIT: And here you can see that elasticsearch has the messages, so I am not sure exactly what I am missing here: http://i.imgur.com/MPlpJdx.png and http://i.imgur.com/K3k7xAy.png
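An added end-to-end check for the setup described in the post (example code, not from the post, rsyslog or Graylog): it builds an RFC 5424 syslog message, sends it over UDP to the input port, and parses what a listener receives, so a client-side send and a server-side capture can be compared field by field. The default target 127.0.0.1:1514 and the hostnames in the sample message are assumptions.

```python
import re
import socket
from datetime import datetime, timezone

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|\[.*?\]) ?(?P<msg>.*)$"
)

def build_rfc5424(facility, severity, host, app, msg, ts=None):
    """Encode PRI as facility*8+severity and emit a minimal RFC 5424 line."""
    pri = facility * 8 + severity
    ts = ts or datetime.now(timezone.utc).isoformat(timespec="seconds").replace("+00:00", "Z")
    return f"<{pri}>1 {ts} {host} {app} - - - {msg}"

def parse_rfc5424(datagram):
    """Return the decoded PRI/host/app/msg fields, or None if the datagram is malformed."""
    m = RFC5424_RE.match(datagram.decode("utf-8", "replace"))
    if not m:
        return None
    pri = int(m.group("pri"))
    return {"facility": pri // 8, "severity": pri % 8, "host": m.group("host"),
            "app": m.group("app"), "msg": m.group("msg")}

def send_udp(message, host="127.0.0.1", port=1514):
    """Send one syslog datagram; defaults assume the Graylog UDP input on 1514."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(message.encode(), (host, port))

def probe_loopback(timeout=2.0):
    """Bind a throwaway UDP listener on an ephemeral loopback port, send one
    constructed message to it and return the parsed result, which shows what a
    correctly delivered datagram looks like on the receiving side."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as lst:
        lst.bind(("127.0.0.1", 0))
        lst.settimeout(timeout)
        port = lst.getsockname()[1]
        send_udp(build_rfc5424(1, 6, "client-vm", "probe", "graylog udp test"), port=port)
        data, _ = lst.recvfrom(65535)
        return parse_rfc5424(data)

if __name__ == "__main__":
    print(probe_loopback())
```

Pointing send_udp at the real server while running tcpdump on it, and feeding the captured payload to parse_rfc5424, tells you whether the bytes that arrive on 1514 are something the syslog input can actually decode.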