I have Cisco FTD enabled and it is ingesting lots of data into ES. Great. However, after looking at the various data in ES, I noticed a few entries missing, which I see in the syslog on the default port 9003 using tcpdump but not in ES. I do not have any filters set up; in fact, my configuration is pretty simple, with just the syslog IP/port specified. I am not doing any filtering.
Does anyone know where in Filebeat I can see what data it is dropping?