Syslog server doesn't work

emanuelx

Cadet
Joined
Apr 26, 2022
Messages
5
Hi all,
I have TrueNAS in Proxmox and I want to centralize the logs using Graylog, so at this moment I'm testing Graylog with a docker-compose file on my machine, just for test purposes.

I've configured Graylog with an input for syslog UDP on port 540.
If I use the command line on TrueNAS, "logger -s -n 192.168.1.105 -P 540 -d testedrive", I receive the log in Graylog without any issue.

But if I try to run only "logger mylog" in the console, I'm unable to get the log in Graylog.

This is my configuration in TrueNas Scale.
[Attached image: Screenshot 2023-06-25 at 12.31.24.png]

Why is this not working?
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
Welcome to the forums.

Sorry to hear you're having trouble. Please take a few moments to review the Forum Rules, conveniently linked at the top of every page in red, and pay particular attention to the section on how to formulate a useful problem report, especially including a detailed description of your network setup. What you've provided is very weak. Where's Graylog? Is it in a VM on Proxmox? Is it on the TrueNAS VM, and if so, why? What does your network look like?

You've basically given no one anything to work with, so the responses will tend to be random guesses rather than anything useful.
 

emanuelx

Cadet
Joined
Apr 26, 2022
Messages
5
Thank you jgreco. At this moment Graylog isn't in Proxmox; I'm running it on my Mac using the docker-compose.yml from the graylog2 GitHub.
The only thing I've changed was the port, but this is a little strange for me.

192.168.1.105 is the IP of my Mac.
Is there a way to test if TrueNAS is using my Graylog server?
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
tcpdump is the usual tool used to inspect network traffic. Syslog is on port 514. So try something like

# tcpdump host 192.168.1.105 and port 514

and then generate some syslog traffic.
 

NickF

Guru
Joined
Jun 12, 2014
Messages
763
Also, I noticed in your config you are using port 540. Is your syslog server listening on that port?


Can you run this command on your syslog server? What does it say?
Code:
netstat -tunlp


My syslog server of choice is Gravwell, but the output of this should look the same.
Code:
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp6       0      0 :::7777                 :::*                    LISTEN      -
tcp6       0      0 :::4023                 :::*                    LISTEN      -
tcp6       0      0 :::601                  :::*                    LISTEN      -
tcp6       0      0 :::111                  :::*                    LISTEN      -
tcp6       0      0 :::80                   :::*                    LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -
tcp6       0      0 :::9404                 :::*                    LISTEN      -
udp        0      0 127.0.0.53:53           0.0.0.0:*                           -
udp        0      0 0.0.0.0:111             0.0.0.0:*                           -
udp        0      0 10.69.60.13:123         0.0.0.0:*                           -
udp        0      0 127.0.0.1:123           0.0.0.0:*                           -
udp        0      0 0.0.0.0:123             0.0.0.0:*                           -
udp6       0      0 :::2055                 :::*                                -
udp6       0      0 :::5114                 :::*                                -
udp6       0      0 :::5115                 :::*                                -
udp6       0      0 :::5116                 :::*                                -
udp6       0      0 :::5117                 :::*                                -
udp6       0      0 :::5118                 :::*                                -
udp6       0      0 :::6343                 :::*                                -
udp6       0      0 :::111                  :::*                                -
udp6       0      0 fe80::2a0:98ff:fe65:123 :::*                                -
udp6       0      0 ::1:123                 :::*                                -
udp6       0      0 :::123                  :::*                                -
udp6       0      0 :::514                  :::*                                -
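
The listener check discussed in this thread can be scripted. The following is an added example, not part of the original posts: a shell function (hypothetical name `udp_listener_status`) that reads Linux `netstat -tunlp` text on stdin and reports whether a given UDP port has a listener, and whether that listener is bound only to loopback. The sample input is an excerpt of the output posted above; the function names are assumptions.

```shell
#!/bin/sh
# Added example: classify the UDP listener state of one port
# from `netstat -tunlp` output (Linux net-tools column layout assumed).

# udp_listener_status PORT   (netstat text on stdin)
# Prints: listening | loopback-only | not-listening
udp_listener_status() {
    awk -v port="$1" '
        $1 ~ /^udp/ {                      # udp and udp6 rows only; TCP is ignored
            addr = $4                      # "Local Address" column, host:port
            n = split(addr, parts, ":")
            if (parts[n] != port) next     # port is the text after the last colon
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host == "::1" || host ~ /^127\./) loop = 1
            else any = 1                   # wildcard or a non-loopback address
        }
        END {
            if (any)       print "listening"
            else if (loop) print "loopback-only"
            else           print "not-listening"
        }'
}

# Excerpt of the netstat output shown in the thread, embedded so this runs offline.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -
tcp6       0      0 :::601                  :::*                    LISTEN      -
udp        0      0 127.0.0.53:53           0.0.0.0:*                           -
udp        0      0 0.0.0.0:111             0.0.0.0:*                           -
udp6       0      0 :::514                  :::*                                -
EOF
}

# 514 and 540 are the two ports mentioned in the thread; 601 is TCP-only here.
for p in 514 540 53 601; do
    printf 'udp/%s: %s\n' "$p" "$(sample_netstat | udp_listener_status "$p")"
done

# Live use on the receiving host:  netstat -tunlp | udp_listener_status 540
```

A `not-listening` or `loopback-only` result for the port configured on the sender means remote datagrams to that port have no receiver on the host.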

 