Closed dmayan closed 7 years ago
Hello!
Could you share your /var/log/fastnetmon.log?
Sure!! Here it is. Also, I noticed a lot of info about attacks without details?
Hello!
According to logs it was configured correctly:
2017-03-26 17:18:19,679 [INFO] We have configured remote syslog logging corectly
2017-03-26 17:18:19,679 [INFO] We will read ban settings for my_hosts
2017-03-26 17:18:19,679 [ERROR] We can't find notify script /usr/local/bin/notify_about_attack.sh
2017-03-26 17:18:19,685 [INFO] Read configuration file
2017-03-26 17:18:19,685 [INFO] We start remote syslog logging corectly
Could you check it with tcpdump in source / target machine?
I tried sending with logger and it worked ok, so I ruled out a network problem.
I will capture with TCP dump and see if there is another problem.
thanks
It should be udp. I do not think that we support tcp.
Sorry, tcpdump. It is UDP port 5514
This is a tcpdump on the receiving side. I don't see anything abnormal, but Graylog doesn't show anything.
Pavel,
Setting up a RAW UDP input in Graylog solved the problem. Now Graylog is receiving the logs ok. I was using a Syslog UDP input.
Let me know if you need something more.
Thanks
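One way to check what actually arrives on UDP 5514 before choosing a Graylog input type, added here as an example (not code from this thread or from FastNetMon): a small listener that reports whether each datagram starts with a syslog PRI header, which is what a Syslog input parses, or is plain text, which is what a RAW input accepts as-is. The port comes from the thread; the sample lines used to exercise it are constructed.

```python
import re
import socket

# Assumed: the UDP port mentioned in the thread.
LISTEN_PORT = 5514

# RFC 3164/5424 messages begin with a PRI field "<N>", N = facility * 8 + severity.
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def classify(datagram: bytes) -> dict:
    """Report whether a datagram is syslog-framed (has a PRI header) or raw text.

    For syslog-framed messages the decoded facility/severity show what a Syslog
    input would parse; anything else is what a RAW/plaintext input would take.
    """
    m = PRI_RE.match(datagram)
    if m is None or int(m.group(1)) > 191:  # 191 = max facility 23 * 8 + severity 7
        return {"kind": "raw", "text": datagram.decode("utf-8", "replace").rstrip()}
    pri = int(m.group(1))
    return {
        "kind": "syslog",
        "facility": pri // 8,
        "severity": pri % 8,
        "text": datagram[m.end():].decode("utf-8", "replace").rstrip(),
    }


def capture(port: int = LISTEN_PORT, count: int = 5, timeout: float = 30.0) -> list:
    """Receive up to `count` datagrams on `port` and classify each one.

    Run this on the Graylog host (with the Graylog input stopped so the port is
    free) while the sender is producing messages; stops early on timeout.
    """
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        sock.settimeout(timeout)
        try:
            while len(results) < count:
                data, (src, _) = sock.recvfrom(65535)
                results.append({"src": src, **classify(data)})
        except socket.timeout:
            pass  # no more datagrams within the timeout window
    return results


if __name__ == "__main__":
    for r in capture():
        print(r)
```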
Perfect!
Hi Pavel,
I have enabled logging:remote_syslog_logging so I can get notifications via my Graylog installation.
The Graylog server is working correctly as I'm collecting all my network logs there.
What could be the problem? Running on Debian 8.6 VM. Graylog is the same.
Thanks, Diego