Graylog Sidecar NXLOG UDP SYSLOG Listener Input

[rahimkhoja]

Problem description

No syslog messages get sent via the NXLOG collector-sidecar. we have setup UDP Syslog NXLOG Input via the Graylog collector configurations. A GELF output has been setup. Documentation does not explain how to setup the NXLOG Syslog Input. (Ironically, The picture on the SideCar setup docs has a Syslog UDP Input shown but not explained)

We think that NXLOG should gather together all the SYSLOG Messages and send them to Graylog via the GELF Output. Perhaps syslog transmits them to NXLOG. This is not happening. rsyslogd sends the messages without any problem(Both TCP and UDP), but I would rather have them all come thru the same connector.

Steps to reproduce the problem

Setup a sidecar collector, including GELF Input.
Added File Input. Tested it and confirmed that the data is being collected.
... Add NXLOG Syslog UDP input to NXlog Sidecard configuration.
No Syslogs collected. :(
Environment

Sidecar Version: 0.1.4
Graylog Version: 2.3
Operating System: CentOS 7.4 ( Server ) && Cent 6.9 ( Clients )
Elasticsearch Version: 3.2
MongoDB Version: ?

[rahimkhoja]

OK I got it working..

I created the file /etc/rsyslog.d/nxlog_syslog.conf on the client

with the contents

$template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"
*.* @127.0.0.1;TraditionalFormat