pseymour
Syslog Wont Work?
I installed the software and its wicked cool. Just can't get syslog to work. Trying to send things to my graylog server and no matter what I try, it wont show up. I've checked netstat -n and never see any established connections to my server. I've tried different ports, UDP, TCP etc. Both should work though for my server. What could I be doing wrong?
We are experiencing the same issue. Syslog reporting in MakeMeAdmin is not functioning as expected. To test that our log server is configured correctly and can receive data from our source machine, we used to tcpdump to observe connections on the log server and successfully sent a telnet to the log server from the source machine.
From the syslog server CLI, try tcpdump -i any host [Source IP] -A -vv Then on the host machine do: telnet [Syslog Server IP]and observe whether the data comes in.
Workaround may involve implementing MakeMeAdmin + other service like NxLog, and configuring NxLog to only send admin session logs in order to capture data when makemaadmin is started.
Has anyone else experienced/resolved this issue?
I just checked ours, and it's logging via UDP. Can someone tell me what their syslog server software is, the settings specified for MMA, etc? I can try to re-create the issue.
Thanks Paul, config on the MMA side is server_address:5544:tcp and no logs are being sent, monitoring on the Syslog server via tcpdump -i any host [Source IP] -A -vv.
Do you really have two colons after the server name, or was that a typo? It should be one colon separating each field.
Thank you for testing! The issue 17 branch has been merged to master.
------- Original Message ------- On Wednesday, June 15th, 2022 at 12:10 AM, ericvanboven @.***> wrote:
This version worked for me for trying tcp (udp worked with any version). Can this one be merged with the master?
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were assigned.Message ID: @.***>