ESET Protect CLOUD logs send to Logstash

Hi All,

I have a problem with the logs received by my ESET PROTECT CLOUD Console.

This is what I received:

"\u0000\u0000\u0011\u0000\u000F\u0000\u0000\f82.64.237.88\u0000\v\u0000\u0004\u0003\u0000\u0001\u0002\u0000\n"

Here is my input config:

input {
  syslog {
    port => 6514
    syslog_field => "syslog"
    codec => plain {
      charset => "UTF-8"
    }
  }
}

Thanks

Hello and welcome,

This seems to be using a different charset, you need to check with ESET which charset is being used to send the logs.

This is not an issue on Logstash side, but on the sender side.

Hi,

Thanks for your message. On the ESET console side I have this:

Look at the last line of that image. It expects a TLS-enabled syslog server. Logstash does not do TLS for syslog. What do you get with a tcp input?

With the tcp input I get the same logs:

"u0000\u0000\u0011\u0000\u000F\u0000\u0000\f82.64.237.88\u0000\v\u0000\u0004\u0003\u0000\u0001\u0002\u0000\n"
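Added example, not written by anyone in this thread: a small Python check for whether a payload like the one quoted above is TLS handshake data that reached a plaintext, line-oriented listener. The function names are hypothetical, and `SAMPLE` is the quoted string from the first post with its `\u00XX` escapes converted to bytes.

```python
import struct

# Payload as quoted in the first post, JSON escapes converted to raw bytes.
SAMPLE = (b"\x00\x00\x11\x00\x0f\x00\x00\x0c" b"82.64.237.88"
          b"\x00\x0b\x00\x04\x03\x00\x01\x02\x00\n")


def looks_like_tls_record(data):
    """True if data starts with a TLS handshake record header (0x16 0x03 0x0N)."""
    return len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04


def find_sni(data):
    """Scan for a server_name extension body and return the host name, or None.

    Layout (RFC 6066): ext_len(2) list_len(2) name_type(1)=0 name_len(2) name.
    All three lengths must nest exactly, so ordinary text will not match.
    """
    for i in range(len(data) - 6):
        ext_len, list_len, name_type, name_len = struct.unpack_from(">HHBH", data, i)
        if name_type != 0 or name_len == 0:
            continue
        if ext_len != list_len + 2 or list_len != name_len + 3:
            continue
        name = data[i + 7:i + 7 + name_len]
        if len(name) == name_len and name.isascii() and name.decode().isprintable():
            return name.decode()
    return None


def classify(data):
    """Label a received chunk so TLS-on-plaintext mismatches are easy to spot."""
    if looks_like_tls_record(data):
        return "tls-record-start"
    if find_sni(data) is not None:
        # A listener that splits on 0x0a only sees pieces of the ClientHello.
        return "tls-clienthello-fragment"
    return "unknown"


if __name__ == "__main__":
    print(classify(SAMPLE), find_sni(SAMPLE))
```

On the quoted payload the length fields nest as a server_name extension carrying `82.64.237.88`, and the bytes after it parse as an ec_point_formats extension (type 0x000b), which is what a TLS client's opening message looks like once a line-based input has cut it at a 0x0a byte.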

Did you try setting up the connection with a CA-signed certificate?

Yeah, I tried it but I have the same issue.

What does input.conf look like on Logstash?