Jasmin shahrzad
asked on
graylog and windows
I have Graylog 4.X on Ubuntu 20.
I don't have a problem reading any Ubuntu or Debian server logs in Graylog.
But I created a sidecar for Windows 10 and NXLog for Windows 2012.
All inputs are running (green), but the server does not receive messages from Windows.
I don't have a firewall on Ubuntu, and the special port for Windows is open in the Windows firewall.
ufw is just a front end for the firewall, which on Linux distros normally is iptables, & that gets installed & set up by default. Probably "sudo iptables --list" would show you more of what is blocked & what isn't.
ASKER
This is my iptables list
root@rsyslog:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5044
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:12201
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:12201
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5044
But you are right, I need to open the external firewall (it was in 2 different subnets). It's working now.
I have a question: I have many servers; do I need to use 1 port for each server? I have more than 1000 Linux/Windows servers.
I don't know Graylog myself, so I don't know what exactly it does or what requirements it has.
Graylog is a good tool (or was good years ago when I tested it, but I went Kibana ELK).
https://www.educba.com/graylog-vs-elk/
ASKER
I say ufw status
$ ufw not active
and I have input from other Ubuntu and Debian servers.
Not all are running on port 514.
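
Added example (not from the thread and not Graylog's own code): a small Python parser for the `iptables -L -n` listing posted above. It reports whether the INPUT chain would accept a given protocol and port, and whether that verdict comes from an explicit rule or from the chain policy. It compares only protocol and destination port, which is a simplification, and the function names are made up for illustration.

```python
import re

# Constructed sample: the INPUT chain as posted in the thread.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5044
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:12201
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:12201
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5044
"""

# Built-in chains carry "(policy X)"; user-defined chains show "(N references)".
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+))?")
RULE_RE = re.compile(r"^(ACCEPT|DROP|REJECT)\s+(\w+)\s+\S+\s+\S+\s+\S+(.*)$")


def parse_listing(text):
    """Return {chain: {"policy": str|None, "rules": [(target, proto, dport|None)]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
            continue
        m = RULE_RE.match(line.strip())
        if m and current is not None:
            dpt = re.search(r"dpt:(\d+)", m.group(3))
            port = int(dpt.group(1)) if dpt else None
            current["rules"].append((m.group(1), m.group(2), port))
    return chains


def input_verdict(chains, proto, port):
    """First matching rule wins; otherwise the chain policy applies.
    Simplification: source/destination addresses and other matches are ignored."""
    chain = chains["INPUT"]
    for target, rule_proto, dport in chain["rules"]:
        if rule_proto in (proto, "all") and dport in (port, None):
            return target, "rule"
    return chain["policy"], "policy"


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    for proto, port in [("tcp", 12201), ("udp", 5044), ("udp", 514)]:
        print(proto, port, input_verdict(parsed, proto, port))
```

For the listing in the thread, a port with no rule (such as 514) is still accepted because the chain policy is ACCEPT, so the host firewall was not filtering anything, which matches the asker's finding that the block was on the external firewall between the two subnets.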