Hi all, I'm trying to make filebeat receive pfsense syslog.
my filebeat.yml input part:
filebeat.inputs:
- type: syslog
protocol.udp:
host: "0.0.0.0:9560"
fields_under_root: true
fields:
input.type: pfsense
My pfsense config:
It's connected as syslog show. But I can't find any log come from pfsense.
Please if you know how to resolve it please share with me.
Thanks & Regards
Hello, Had a similar issue when I setup my pfsense. Solved by setting the real ip of the host instead of 0.0.0.0. Please try that and make sure your local fw allows udp on 9560. Grtz
Hi, a staff on elastic stack slask channel tell me to change into 0.0.0.0
My previous config is the pfsense IP
Is pfsense running on the host running filebeat?
If not, you could try set the ip of the host..
they are not on the same server
After changed into pfsense IP, I got the error on syslog
2020-05-24T18:02:29.737+0700#011ERROR#011[syslog]#011syslog/input.go:158#011Error starting the servererrorlisten udp 192.168.1.23:9560: bind: cannot assign requested address
When I use 0.0.0.0:9560, I can see port 9560 listening. But when changed to 192.168.1.23:9560, I dont see port 9560 on port running anymore
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
