Forum Discussion

Zachary_McGibbo's avatar
Zachary_McGibbo
Icon for Nimbostratus rankNimbostratus
Aug 07, 2018

Changing UDP syslog destination port for VS

I am trying to setup two Graylog servers behind a stateless vs.

 

The issue I'm running into is that out of the box, Graylog can't listen to udp port 514 as it does not run as root, however it can listen to ports over 1024. While there are workarounds by using iptables or nginx on the graylog server to forward to a higher port, I was hoping to setup my VS to listen on syslog udp port 514 and then forward to the members behind on udp port 5514. With all my testing, this doesn't seem to work. Only if I change the member ports to 514 does it work.

 

So my question is, is there a way to remap the destination UDP port or this isn't possible?

 

When I run a tcpdump I never see any packets get forwarded to port 5514, only when the pool members are on the same udp port 514.

 

My F5 is running on 13.1.1

 

 

 

Thanks!