Jasmin shahrzad

Graylog and Windows

I have Graylog 4.X on Ubuntu 20.

I don't have a problem reading any Ubuntu or Debian server logs in Graylog.

But I created a Sidecar for Windows 10 and NXLog for Windows 2012.

All inputs are running (green), but the server has not received messages from Windows.

I don't have a firewall on Ubuntu, and the special port for Windows is open in the Windows firewall.

ASKER CERTIFIED SOLUTION
rindi
Jasmin shahrzad

ASKER

Yes, I am sure.
I say ufw status
$ ufw not active
and I have input from other Ubuntu and Debian servers.
Not all are running on port 514.

ufw is just a front end for the firewall, which on Linux distros normally is iptables, & that gets installed & set up by default. Probably "sudo iptables --list" would show you more of what is blocked & what isn't.

This is my iptables list:
root@rsyslog:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:5044
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:12201
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:12201
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:5044

But you are right, I needed to open the external firewall (it was in 2 different subnets). It's working now.
I have a question: I have many servers; do I need to use 1 port for each server? I have more than 1000 Linux/Windows servers.

I don't know Graylog myself, so I don't know what exactly it does or what requirements it has.

Graylog is a good tool (or was good years ago when I tested it, but I went with Kibana ELK).
https://www.educba.com/graylog-vs-elk/
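
An added example, not part of the original thread: a small Python parser for the `iptables -L -n` listing posted above. It shows that with an INPUT policy of ACCEPT the host itself blocks no port (listed or not), which is why the drop had to be elsewhere, in this case the firewall between the two subnets. The function names and the source address 192.0.2.10 are assumptions made for the example.

```python
import ipaddress
import re

# Listing copied from the thread above (`iptables -L -n` on the Graylog host).
LISTING = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:5044
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:12201
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:12201
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:5044
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\w+)")
RULE_RE = re.compile(r"^(ACCEPT|DROP|REJECT)\s+(tcp|udp|all)\s+\S+\s+(\S+)\s+\S+(.*)$")
DPT_RE = re.compile(r"dpts?:(\d+)(?::(\d+))?")

def parse_chain(listing, chain="INPUT"):
    """Return (default_policy, rules) for one chain of `iptables -L -n` output.
    Simplification: only plain ACCEPT/DROP/REJECT rules with an optional
    dpt/dpts match are understood (no negation, multiport, state or jumps)."""
    policy, rules, current = None, [], None
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            if current == chain:
                policy = m.group(2)
            continue
        m = RULE_RE.match(line)
        if m and current == chain:
            target, proto, src, extra = m.groups()
            d = DPT_RE.search(extra)
            lo = int(d.group(1)) if d else None
            hi = int(d.group(2)) if d and d.group(2) else lo
            rules.append((target, proto, ipaddress.ip_network(src), lo, hi))
    return policy, rules

def verdict(listing, proto, port, src_ip="192.0.2.10"):
    """First matching rule wins; if none matches, the chain policy decides.
    src_ip defaults to a constructed documentation address."""
    policy, rules = parse_chain(listing)
    addr = ipaddress.ip_address(src_ip)
    for target, rproto, net, lo, hi in rules:
        if rproto in (proto, "all") and addr in net and (lo is None or lo <= port <= hi):
            return target, "rule"
    return policy, "policy"

if __name__ == "__main__":
    for proto, port in [("tcp", 5044), ("udp", 12201), ("udp", 514)]:
        print(proto, port, verdict(LISTING, proto, port))
```

A result of `("ACCEPT", "policy")` means no rule matched and the default policy let the packet through; the same listing with `policy DROP` would block every port that has no explicit rule.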