I have been trying to send logs from my CentOS 8 virtual machine to a Graylog server using rsyslog. Unfortunately, my UDP Syslog Input fails without any further description.
I have made sure to add this line to my rsyslog configuration file in /etc/rsyslog.conf:
*.* @192.168.100.45:514;RSYSLOG_SyslogProtocol23Format
Where 192.168.100.45 is the IP address of my Graylog server.
I have made sure to allow communication on port 514/udp on both machines using firewall-cmd:
firewall-cmd --add-port=514/udp --permanent
firewall-cmd --reload
The output of systemctl status rsyslog.service:
The configuration of UDP Syslog Input on my Graylog Server:
Where 192.168.100.40 is the IP address of my CentOS 8 machine from which the logs should arrive.
Before anyone suggests, this post was not helpful: How to send syslog to graylog
I kindly ask for your help and wish you a nice day/night!
I solved it myself. The bind address should be set to default and not the IP address of the client. Furthermore, I changed the port from the default, which was 514, to 3514 (saw it somewhere on the internet).
Also this line:
*.* @192.168.100.45:514;RSYSLOG_SyslogProtocol23Format
is wrong, there should be a double colon instead of a semicolon:
*.* @192.168.100.45:514:RSYSLOG_SyslogProtocol23Format
Most of this information was discovered by me in this tutorial: https://www.youtube.com/watch?v=9E1taHpbAgc
Cheers!
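The two input settings changed in the answer above (bind address and port) can be checked on the Graylog host before touching the input. This is an added example, not part of the original post: `probe_bind`, `rfc5424` and `loopback_roundtrip` are hypothetical helper names, and it assumes it is run as the same unprivileged user as the service that owns the input.

```python
import errno
import socket
from datetime import datetime, timezone

def probe_bind(addr: str, port: int) -> str:
    """Bind a UDP socket the way a syslog input would and classify the result."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.bind((addr, port))
        return "ok"
    except OSError as e:
        if e.errno == errno.EADDRNOTAVAIL:
            return "address-not-local"  # e.g. the client's IP used as bind address
        if e.errno == errno.EACCES:
            return "privileged-port"    # port < 1024 without root/CAP_NET_BIND_SERVICE
        if e.errno == errno.EADDRINUSE:
            return "port-in-use"        # another listener already owns the port
        raise
    finally:
        s.close()

def rfc5424(msg: str, host: str = "client.example", app: str = "probe", pri: int = 14) -> bytes:
    """Build a minimal RFC 5424 line (constructed sample, pri 14 = user.info)."""
    ts = datetime.now(timezone.utc).isoformat(timespec="milliseconds").replace("+00:00", "Z")
    return f"<{pri}>1 {ts} {host} {app} - - - {msg}".encode()

def loopback_roundtrip(msg: str = "constructed test message") -> str:
    """Send one datagram to a local listener to confirm the UDP path end to end."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        rx.bind(("127.0.0.1", 0))       # ephemeral port, no privileges needed
        rx.settimeout(2)
        tx.sendto(rfc5424(msg), rx.getsockname())
        data, _ = rx.recvfrom(4096)
        return data.decode()
    finally:
        rx.close()
        tx.close()

if __name__ == "__main__":
    # Addresses and ports taken from the post; results depend on the host it runs on.
    for addr, port in [("0.0.0.0", 514), ("0.0.0.0", 3514), ("192.168.100.40", 3514)]:
        print(f"{addr}:{port} -> {probe_bind(addr, port)}")
    print(loopback_roundtrip())
```

A result of `address-not-local` means the bind address does not belong to the machine running the listener, and `privileged-port` means the port needs root or `CAP_NET_BIND_SERVICE`.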