Hi All,
I have a problem with the logs received by my ESET PROTECT CLOUD Console.
This is what I received:
"\u0000\u0000\u0011\u0000\u000F\u0000\u0000\f82.64.237.88\u0000\v\u0000\u0004\u0003\u0000\u0001\u0002\u0000\n"
Here is my input config:
input {
  syslog {
    port => 6514
    syslog_field => "syslog"
    codec => plain {
      charset => "UTF-8"
    }
  }
}
Thanks
leandrojmp
(Leandro Pereira)
October 30, 2024, 12:54pm
2
Hello and welcome,
This seems to be using a different charset; you need to check with ESET which charset is being used to send the logs.
This is not an issue on the Logstash side, but on the sender side.
Hi,
Thanks for your message. On the ESET Console side I have this:
Badger
October 30, 2024, 1:48pm
4
Look at the last line of that image. It expects a TLS-enabled syslog server. Logstash does not do TLS for syslog. What do you get with a tcp input?
With the tcp input I get the same logs:
"u0000\u0000\u0011\u0000\u000F\u0000\u0000\f82.64.237.88\u0000\v\u0000\u0004\u0003\u0000\u0001\u0002\u0000\n"
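Added example, not part of any post in this thread: the posted event bytes read as TLS ClientHello extension data (a server_name extension followed by ec_point_formats), which is what a plaintext listener records when the sender opens a TLS connection to it. It assumes the event text is Ruby-style escaped output; the function names are hypothetical.

```python
import struct

# Event text exactly as posted in the thread (Ruby-style escapes, quotes removed).
POSTED = (r"\u0000\u0000\u0011\u0000\u000F\u0000\u0000\f82.64.237.88"
          r"\u0000\v\u0000\u0004\u0003\u0000\u0001\u0002\u0000\n")

# IANA TLS ExtensionType values seen in this fragment.
EXT_NAMES = {0: "server_name", 10: "supported_groups", 11: "ec_point_formats"}

def raw_bytes(escaped):
    """Turn the escaped text back into the bytes the listener received."""
    return escaped.encode("ascii").decode("unicode_escape").encode("latin-1")

def find_sni(data):
    """Locate a server_name extension body (RFC 6066):
    ext_len(2) list_len(2) name_type(1)=0 name_len(2) name."""
    for i in range(len(data) - 6):
        ext_len, list_len, name_type, name_len = struct.unpack_from(">HHBH", data, i)
        name = data[i + 7:i + 7 + name_len]
        if (name_type == 0 and 0 < name_len == len(name)
                and list_len == name_len + 3 and ext_len == list_len + 2
                and all(0x21 <= b < 0x7F for b in name)):
            return i + 2 + ext_len, name.decode("ascii")  # (next offset, SNI value)
    return None

def walk_extensions(data, off):
    """Read type(2)/length(2)/body records; length None marks a cut-off record."""
    found = []
    while off + 2 <= len(data):
        ext_type = struct.unpack_from(">H", data, off)[0]
        name = EXT_NAMES.get(ext_type, hex(ext_type))
        if off + 4 > len(data):
            found.append((name, None))
            break
        length = struct.unpack_from(">H", data, off + 2)[0]
        if off + 4 + length > len(data):
            found.append((name, None))
            break
        found.append((name, length))
        off += 4 + length
    return found

def diagnose(escaped):
    """Return (sni, following_extensions) if the event looks like ClientHello data."""
    data = raw_bytes(escaped)
    hit = find_sni(data)
    if hit is None:
        return None
    next_off, sni = hit
    return sni, walk_extensions(data, next_off)
```

The final byte of the event, 0x0a, is the low byte of the supported_groups extension type (0x000a); a line-oriented input treats it as a newline, which is why the event ends there.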
Sakull
(Sakull)
November 20, 2024, 7:13am
6
Did you try to set up the connection with a CA-signed certificate?
Yeah, I tried it, but I have the same issue.
Sakull
(Sakull)
December 6, 2024, 9:55am
8
How does input.conf look on Logstash?