(sorry a newbie question, but I've searched and tried every piece of advice and documentation I could find with no luck)
Basically I cannot get any UDP/514 syslogs in???
My infilter looks like:
syslog {
    type => 'network'
    port => 514
}
also tried
udp {
    type => 'syslog'
    port => 514
}
E.g. my (ProCurve) switch syslog config is
Syslog Configuration
Syslog Facility : syslog
Syslog Severity : debug
Syslog System Module : all-pass
Syslog Priority Description :
Syslog Server Details
Syslog Server Address L4 Port Syslog Control Descr
----------------------------------- --- ------ --------------------
192.168.xxx.yyy UDP 514
also tried:
Syslog Configuration
Syslog Facility : user
Syslog Severity : debug
Syslog System Module : all-pass
Syslog Priority Description :
Syslog Server Details
Syslog Server Address L4 Port Syslog Control Descr
----------------------------------- --- ------ --------------------
192.168.xxx.yyy UDP 514
I've configured LS to be able to use ports <1024, as well as to use the root user to allow privileged ports.
Also the network is fine - there is a policy to allow UDP/514 to/from client to syslog server
=> but STILL I cannot see any log sources that use UDP/514 (unfortunately we have many devices that we cannot configure to use any other than UDP/514)
more clues/guessing below:
Configuration setup for networking devices is still showing only port 5544???
Log Server IP/Hostname TCP/UDP Port
nagioslog.domus.dom 5544
Configuration section is showing: ONLY tcp6 and UDP6???
Logstash is currently collecting locally on: 192.168.xxx.yyy tcp6: 3515, 514, 2056, 5544, 2057 udp6: 5544, 514
Thanks for any help & advice!
Cannot get any UDP/514 syslogs in
- DevOps Engineer
- Location: Nagios Enterprises
Re: Cannot get any UDP/514 syslogs in
To listen on privileged ports (below 1024) there is a special procedure required, see this document:
https://assets.nagios.com/downloads/nag ... Server.pdf
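Added example, not part of the original thread or of any Nagios tooling: a small Python check that sends and receives one UDP syslog datagram and decodes its priority, so the facility/severity pairs from the switch configuration above (syslog/debug, user/debug) can be recognised on arrival independently of Logstash. The function names, the host name `test-switch` and the message text are constructed for illustration; binding port 514 instead of the default free port needs the same privileges discussed in the reply.

```python
import socket

# Facility and severity codes from RFC 3164 (subset covering the thread's settings).
FACILITIES = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "syslog": 5, "local0": 16}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}

def build_message(facility, severity, host, text):
    """Build an RFC 3164-style datagram: <PRI>HOST TEXT, PRI = facility*8 + severity."""
    pri = FACILITIES[facility] * 8 + SEVERITIES[severity]
    return f"<{pri}>{host} {text}".encode("ascii", "replace")

def decode_pri(datagram):
    """Return (facility, severity) names from a datagram, or None if PRI is malformed."""
    if not datagram.startswith(b"<") or b">" not in datagram[:5]:
        return None
    digits = datagram[1:datagram.index(b">")]
    if not digits.isdigit() or int(digits) > 191:
        return None
    fac, sev = divmod(int(digits), 8)
    fac_name = next((n for n, c in FACILITIES.items() if c == fac), str(fac))
    sev_name = next(n for n, c in SEVERITIES.items() if c == sev)
    return fac_name, sev_name

def listen_once(sock, timeout=2.0):
    """Wait for one datagram; return (source_ip, facility, severity) or None on timeout."""
    sock.settimeout(timeout)
    try:
        data, (src, _port) = sock.recvfrom(4096)
    except socket.timeout:
        return None
    decoded = decode_pri(data)
    return (src,) + decoded if decoded else (src, None, None)

def loopback_check(port=0):
    """Bind a UDP listener (port 0 = any free port; 514 needs privileges),
    send one constructed test message to it and report what arrived."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind(("127.0.0.1", port))
        msg = build_message("syslog", "debug", "test-switch", "constructed test message")
        tx.sendto(msg, rx.getsockname())
        return listen_once(rx)

if __name__ == "__main__":
    print(loopback_check())
```

A `None` result from `listen_once` means no datagram reached the socket within the timeout, which points at the path to the host rather than at parsing.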