Cannot get any UDP/514 syslogs in
Posted: Tue Aug 28, 2018 5:28 am
(Sorry, a newbie question, but I've searched and tried every piece of advice and documentation I could find, with no luck.)
Basically, I cannot get any UDP/514 syslogs in???
My input filter looks like:
syslog {
type => 'network'
port => 514
}
also tried
udp {
type => 'syslog'
port => 514
}
e.g. my (ProCurve) switch syslog config is
Syslog Configuration
Syslog Facility : syslog
Syslog Severity : debug
Syslog System Module : all-pass
Syslog Priority Description :
Syslog Server Details
Syslog Server Address L4 Port Syslog Control Descr
----------------------------------- --- ------ --------------------
192.168.xxx.yyy UDP 514
also tried:
Syslog Configuration
Syslog Facility : user
Syslog Severity : debug
Syslog System Module : all-pass
Syslog Priority Description :
Syslog Server Details
Syslog Server Address L4 Port Syslog Control Descr
----------------------------------- --- ------ --------------------
192.168.xxx.yyy UDP 514
I've configured LS to be able to use ports <1024, as well as to run as the root user to allow privileged ports.
Also, the network is fine - there is a policy to allow UDP/514 to/from client to syslog server.
=> but STILL I cannot see any log sources that use UDP/514 (unfortunately we have many devices that we cannot configure to use anything other than UDP/514)
more clues/guessing below:
Configuration setup for networking devices is still showing only port 5544???
Log Server IP/Hostname TCP/UDP Port
nagioslog.domus.dom 5544
Configuration section is showing ONLY tcp6 and udp6???
Logstash is currently collecting locally on: 192.168.xxx.yyy tcp6: 3515, 514, 2056, 5544, 2057 udp6: 5544, 514
Thanks for any help & advice!
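An added troubleshooting helper, not from the original post and not part of Nagios Log Server or Logstash: it builds an RFC 3164 syslog datagram with the same facility/severity the switch above is set to (PRI = facility*8 + severity), sends it to a collector, and can prove over loopback that a UDP listener on a given address actually receives and parses it. The host names, tag text, ephemeral test port and the constructed message are assumptions.

```python
import socket
from datetime import datetime

# RFC 3164 facility/severity codes (subset covering the switch config above).
FACILITIES = {"kern": 0, "user": 1, "syslog": 5, "local0": 16}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}


def build_syslog_message(facility, severity, hostname, tag, text, when=None):
    """Return an RFC 3164 (BSD) syslog packet as bytes; PRI = facility*8 + severity."""
    pri = FACILITIES[facility] * 8 + SEVERITIES[severity]
    when = when or datetime.now()
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"  # "Mmm dd hh:mm:ss", day space-padded
    return f"<{pri}>{stamp} {hostname} {tag}: {text}".encode("ascii", "replace")


def parse_pri(packet):
    """Split the PRI header back into (facility_code, severity_code); None if malformed."""
    if not packet.startswith(b"<") or b">" not in packet[:5]:
        return None
    pri = int(packet[1:packet.index(b">")])
    return pri // 8, pri % 8


def send_test_message(host, port, facility="user", severity="debug",
                      hostname="test-switch", tag="logstash-check", text="hello"):
    """Fire one datagram at the collector (run from a host the firewall policy allows)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(build_syslog_message(facility, severity, hostname, tag, text), (host, port))


def loopback_roundtrip(facility="syslog", severity="debug"):
    """Self-check: bind an IPv4 loopback UDP port, send, receive, and parse the PRI.

    Binding an explicit IPv4 address (as the switch speaks IPv4) rather than relying
    on a v6 wildcard socket is the point; the port is ephemeral so no root is needed.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener:
        listener.bind(("127.0.0.1", 0))
        listener.settimeout(2)
        port = listener.getsockname()[1]
        send_test_message("127.0.0.1", port, facility, severity)
        data, _ = listener.recvfrom(4096)
    return parse_pri(data)


if __name__ == "__main__":
    print(loopback_roundtrip())  # (5, 7) for facility syslog, severity debug
```

To test the real collector, call send_test_message("192.168.xxx.yyy", 514) from the switch's network segment and watch the Logstash input for the "logstash-check" tag.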