Has anyone successfully used the syslog input on windows?
I have tried several incantations of configuration so far, and I get no results. Historically we have used nxlog to take syslog input and spool to a file on a windows device, then use filebeat to ship up to our elastic instance. This works, however if disable nxlog, and enable the config below, and I do not seem to get any errors that appear relavant to the syslog input until I stop the filebeat service.
This is currently on filebeat 6.4.1
below is my config
filebeat.inputs:
- type: syslog
protocol.udp:
host: "localhost:9200"
INFO [udp] udp/server.go:66 Started listening for UDP connection {"address": ":9200"}
| 2019-04-18T12:29:14.987-0400 | INFO | pipeline/output.go:95 | Connecting to backoff(async(tcp://redacted:5044)) |
|---|---|---|---|
| 2019-04-18T12:29:15.242-0400 | INFO | pipeline/output.go:105 | Connection to backoff(async(tcp://redacted:5044)) established |
2019-04-18T12:30:18.864-0400 INFO beater/filebeat.go:437 Stopping filebeat
2019-04-18T12:30:18.864-0400 INFO crawler/crawler.go:139 Stopping Crawler
2019-04-18T12:30:18.864-0400 INFO crawler/crawler.go:149 Stopping 2 inputs
2019-04-18T12:30:18.865-0400 INFO cfgfile/reload.go:199 Dynamic config reloader stopped
2019-04-18T12:30:18.865-0400 INFO input/input.go:149 input ticker stopped
2019-04-18T12:30:18.865-0400 INFO input/input.go:149 input ticker stopped
2019-04-18T12:30:18.865-0400 INFO input/input.go:167 Stopping Input: 5412875198630408736
2019-04-18T12:30:18.865-0400 INFO input/input.go:167 Stopping Input: 5363834309349341485
2019-04-18T12:30:18.865-0400 INFO [syslog] syslog/input.go:188 Stopping Syslog input
2019-04-18T12:30:18.865-0400 INFO [udp] udp/server.go:117 Stopping UDP server {"address": ":9200"}
2019-04-18T12:30:18.865-0400 ERROR [udp] udp/server.go:99 Error reading from the socket {"address": ":9200", "error": "read udp 0.0.0.0:9200: use of closed network connection"}
2019-04-18T12:30:18.865-0400 INFO [udp] udp/server.go:121 UDP server stopped {"address": ":9200"}