ESET Protect CLOUD logs send to Logstash

Roverboy · October 30, 2024, 10:00am

Hi All,

I have a problem with the logs received by my ESET POTECT CLOUD Console.

This is what i received :

"\u0000\u0000\u0011\u0000\u000F\u0000\u0000\f82.64.237.88\u0000\v\u0000\u0004\u0003\u0000\u0001\u0002\u0000\n"

Here my input config :

input {

syslog {
port => 6514
syslog_field => "syslog"
codec => plain {
charset => "UTF-8"
}

}

Thank's

leandrojmp · October 30, 2024, 12:54pm

Hello and welcome,

This seems to be using a different charset, you need to check with ESET which charset is being used to send the logs.

This is not an issue on Logstash side, but on the sender side.

Roverboy · October 30, 2024, 1:35pm

Hi ,

Thanks for you message, on the Eset Console side I have this :

Badger · October 30, 2024, 1:48pm

Look at the last line of that image. It expects a TLS-enabled syslog server. logstash does not do TLS for syslog. What do you get with a tcp input?

Roverboy · October 30, 2024, 2:44pm

With Tcp input i get the same logs :

"u0000\u0000\u0011\u0000\u000F\u0000\u0000\f82.64.237.88\u0000\v\u0000\u0004\u0003\u0000\u0001\u0002\u0000\n"

Sakull · November 20, 2024, 7:13am

Did you try set connect with certificate signed CA ?

Topic		Replies	Views
ESET Protect Cloud logs Logstash	3	360	May 25, 2023
Syslog input, received character set? Logstash	4	3744	July 6, 2017
Configure tcp input to accept syslog over ssl Logstash	6	1245	July 23, 2020
Picking the right charset for Filebeat Logstash	1	849	February 11, 2018
Logstash syslog issue Logstash	9	1098	April 23, 2018