I have managed to get the graylog2 server v1.2.2 running with their virtual appliance.
Everything seems to work just fine, except that the graylog server instance
was not listening on the ports defined in graylog2.conf.
In netstat I see the graylog java process associated to the ports 12201 and
514, yet they are not in state LISTEN, and any log messages i send to my
machine on 12201 as gelf via udp are not picked up.
I read the getting started documentation for the setup from bottom up again but could not find anything.
Message inputs are the Graylog parts responsible for accepting log messages. They are launched from the web interface (or the REST API) in the System -> Inputs section and are launched and configured without the need to restart any part of the system.
I added those from the System>Input screen – boom – it started listening.
Looking for a good tutorial to setup graylog? have a look there.