Graylog version: graylog-web-interface v1.1.5 (2a39def) (Oracle Corporation 1.8.0_51 / Linux 3.16.0-30-generic) on graylog (Graylog prebuilt 1.1.5 VM) / Version: 1.1.5-8
graylog splunk output version: plugin-output-splunk-0.3.0
Splunk version: 6.2.3 / build 264376.
We have a graylog stream setup to forward just VPN login messages (from a Sonicwall appliance) messages from graylog to a splunk "forward" receiver on port 8888 with the following config:
splunk_host: splunk
splunk_protocol: TCP
splunk_port: 8888
The splunk receiver is spitting out the following log messages every time it receives a message from the graylog server on port 8888:
09-10-2015 15:34:29.437 +1200 ERROR TcpInputProc - Message rejected. Received unexpected 842019125 byte message! from src=xxx.xx.xx.xxx:54393. Maximum message allowed: 67108864. (::)
The contents (some redactions) of the packet it sends:
.@.j...v2015/09/10-03:34:29.436 id=firewall sn=C0EAE46B1ED2 time="2015-09-10 03:34:29 UTC" fw=none pri=6 c=0 m=1080 msg="SSL VPN zone remote user login allowed" sess= n=13605 usr="pingz" src=xx.xxx.xx.xxx:0:X1 dst=xxx.xx.xx.xxx:0:X1 proto=tcp original_source=id=firewall msg="SSL VPN zone remote user login allowed" level=6 IPV4=xx.xxx.xx.xxx sourceip=xx.xxx.xx.xxx facility=local0 username=xxxxx
This happens for every message it sends for this stream.
Obviously the message isn't 842019125 bytes long.
Graylog version: graylog-web-interface v1.1.5 (2a39def) (Oracle Corporation 1.8.0_51 / Linux 3.16.0-30-generic) on graylog (Graylog prebuilt 1.1.5 VM) / Version: 1.1.5-8
graylog splunk output version: plugin-output-splunk-0.3.0
Splunk version: 6.2.3 / build 264376.
We have a graylog stream setup to forward just VPN login messages (from a Sonicwall appliance) messages from graylog to a splunk "forward" receiver on port 8888 with the following config:
splunk_host: splunk
splunk_protocol: TCP
splunk_port: 8888
The splunk receiver is spitting out the following log messages every time it receives a message from the graylog server on port 8888:
09-10-2015 15:34:29.437 +1200 ERROR TcpInputProc - Message rejected. Received unexpected 842019125 byte message! from src=xxx.xx.xx.xxx:54393. Maximum message allowed: 67108864. (::)
The contents (some redactions) of the packet it sends:
.@.j...v2015/09/10-03:34:29.436 id=firewall sn=C0EAE46B1ED2 time="2015-09-10 03:34:29 UTC" fw=none pri=6 c=0 m=1080 msg="SSL VPN zone remote user login allowed" sess= n=13605 usr="pingz" src=xx.xxx.xx.xxx:0:X1 dst=xxx.xx.xx.xxx:0:X1 proto=tcp original_source=id=firewall msg="SSL VPN zone remote user login allowed" level=6 IPV4=xx.xxx.xx.xxx sourceip=xx.xxx.xx.xxx facility=local0 username=xxxxx
This happens for every message it sends for this stream.
Obviously the message isn't 842019125 bytes long.