Filebeat Cisco Module: Listening on IPV6 only?

I have configured the Cisco module to listen on 0.0.0.0 UDP/514.

If I use echo and netcat to send a message from localhost, I can see it come in (on loopback) with tcpdump, and filebeat parses the message successfully.

If I use the same command on a remote server, I can see it come in (on eth0) with tcpdump but filebeat does not parse the message.

Netstat shows there is a listener on UDP 514 (i.e. syslog), but only udp6. Could this be why the messages are not being parsed by filebeat when coming in on eth0?

netstat -lu output:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 127.0.0.53:domain 0.0.0.0:*
udp 0 0 0.0.0.0:snmp 0.0.0.0:*
udp 0 0 0.0.0.0:hostmon 0.0.0.0:*
udp6 0 0 [::]:syslog [::]:*
udp6 0 0 [::]:hostmon [::]:*

madhatt,

I've seen similar behavior before, tho admittedly in java apps - try setting the host to be the ipv4 ip you want the system listening on and see if that works. (I've never gotten to the point of actually determining what the root cause of the issue is, but have seen exactly the same behavior where a default ipv4/6 listener only listens on ipv6). I want to say it was an /etc/hosts config that the system was having an issue with, but it was a while ago.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.