Ninja Protip to test out network traffic
Also an easy way to analyze raw Graylog messages
This is my little ninja trick for getting raw log data to paste into the Pipeline Simulator. We can talk more about that later. It is also a decent trick to double-check your connection protocol (TCP/UDP), network connectivity, firewall, etc. If you see the messages coming in hot, but Graylog is drawing blanks - your config is the enemy. If you don’t see any messages - then you got 99 problems but your config ain’t one.
Pay close attention, kids. I don’t want to lose anyone in the middle of this rodeo.
Step 1: Stop the input (and take note of the port and protocol)
Example: Syslog UDP Input on Port 4550
Step 2: SSH into one of your Graylog input servers
Step 3: Start a netcat listener on the port you noted
nc -lvu 4550
Step 4: Wait. Profit.
If you need a TCP listener, drop the u from the flags above. If you need TLS, you need to wait until the next time I use it and hopefully remember to type it out for the listeners at home.
You should see your logs coming in raw to the terminal. Everyone forgets about netcat. Everyone except this kid.
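For boxes where netcat is not installed, here is the same check as an added example (not from the original post): a small Python listener that binds the stopped input's port, collects the raw messages for a few seconds, and hands them back ready to paste into the Pipeline Simulator. The function names open_listener and capture are made up for this sketch, and the TCP path assumes newline-framed messages.

```python
import socket
import time

def open_listener(port, proto="udp", host="0.0.0.0"):
    """Bind the port the stopped input was using (what nc -l does)."""
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    srv = socket.socket(socket.AF_INET, kind)
    # If the Graylog input is still running, this fails with "Address already in use".
    srv.bind((host, port))
    if proto == "tcp":
        srv.listen(5)
    return srv

def capture(srv, proto="udp", seconds=10.0, max_msgs=20):
    """Return up to max_msgs raw messages as (sender_ip, text) seen within `seconds`."""
    deadline = time.monotonic() + seconds
    msgs, conn, peer, buf = [], None, None, b""
    try:
        while len(msgs) < max_msgs and time.monotonic() < deadline:
            (conn or srv).settimeout(max(deadline - time.monotonic(), 0.01))
            if proto == "udp":
                data, peer = srv.recvfrom(65535)  # one datagram = one message
                msgs.append((peer[0], data))
            elif conn is None:
                conn, peer = srv.accept()  # wait for a sender to connect
            else:
                chunk = conn.recv(4096)
                *lines, buf = (buf + chunk).split(b"\n")  # newline-framed messages
                if not chunk:  # sender closed: flush the unterminated tail
                    lines, buf = ([buf] if buf else []), b""
                    conn.close()
                    conn = None
                msgs += [(peer[0], l) for l in lines if l.strip()]
    except socket.timeout:
        pass  # window ended with nothing more to read
    finally:
        if conn:
            conn.close()
    return [(ip, raw.decode("utf-8", "replace").rstrip("\r\n")) for ip, raw in msgs[:max_msgs]]

if __name__ == "__main__":
    PROTO, PORT = "udp", 4550  # the page's example: Syslog UDP input on port 4550
    got = capture(open_listener(PORT, PROTO), PROTO)
    for ip, line in got:
        print(ip, line)
    print("traffic arrives: suspect the Graylog config" if got
          else "nothing arrives: suspect sender, protocol or firewall")
```

Change PROTO to "tcp" for a TCP input, and remember to start the Graylog input again once you have your sample.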