OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: guest22698 on November 27, 2019, 02:31:01 pm

Title: Unable to get new remote logging working with Graylog
Post by: guest22698 on November 27, 2019, 02:31:01 pm

Hi! I have been using old remote logging with Graylog for a while, and it was working very well. And, since 19.7 new remote logging was introduced, I decided to give it a try. But I can't get it to start working at all.

I have Graylog server installed on Azure virtual machine. Between Azure and my OPNsense router I have created site to site tunnel. I followed this tutorial - https://docs.opnsense.org/manual/how-tos/ipsec-s2s.html
My OPNsense subnet - 10.27.7.0/24
Azure subnet - 10.12.14.0/24

This is how I have configured new remote logging destination, I have tried both TCP(4) and UDP(4) -
(https://i.ibb.co/qWMZKdq/graylog.png)

And this is how I was configured old remote logging destination -
(https://i.ibb.co/sqYKbmm/old.png)

I have removed old remote logging configuration already, so only new remote logging destination configuration is actual now. But problem is that I can't see any incoming traffic on Graylog server, no any active connections, no incoming logs. When I had old remote logging enabled, everything was working well, I haven't changed any firewall or IPsec tunnel settings since then.

Can someone help? Maybe I have to add additional firewall rule? If you need to see more information about my configuration, just ask. Thanks!  :)

Title: Re: Unable to get new remote logging working with Graylog
Post by: guest22698 on December 02, 2019, 11:05:18 am

No one? :-\

I looked into System > Logs > General and found this -
(https://i.ibb.co/SwMqnT8/errorlog.png)

Title: Re: Unable to get new remote logging working with Graylog
Post by: lfirewall1243 on December 02, 2019, 11:20:12 am

On my Graylog server the timestamps were different, try to look for logs of all Time.

Whe i changed the time window, i saw fresh incoming logs