
Need help with Remote Syslog Settings

Running UTM 9.5 and trying to use Graylog as a remote Syslog Server. I have configured both sides properly as far as I know; Graylog is receiving Syslog messages from other hosts but not from my UTM.

As soon as I save my settings I see the UTM connecting, and inside Graylog I see the connection, and yet no messages arrive. I changed the buffer down to 10 lines in the hopes of speeding things up, to no avail.

2018:04:05-09:55:54 security syslog-ng[5007]: Syslog connection established; fd='66', server='AF_INET(192.168.99.2:5140)', local='AF_INET(0.0.0.0:0)'
2018:04:05-09:55:57 security syslog-ng[5007]: Configuration reload request received, reloading configuration;
 
I have firewall rules to allow other machines to connect to Graylog on the port specified, but I am unsure how to do this for the UTM. I mean, what would be the source I select for a firewall rule? Would my Graylog instance see the syslog packets coming from the UTM as coming from the IP of the network interface where Graylog is connected to the UTM?
 
 
My settings: the host is configured via IP and is correct, and the port used is TCP 5140. I also have Graylog listening on 5140 UDP, but that also didn't work and, worse, with UDP I cannot check to see if the UTM has connected or not.
Graylog sees the UTM connection
 
Any hints are welcome.
 

