First off, thank you for whatever help/suggestions you provide.
I recently posted in r/elasticsearch trying to understand the difference between Logstash and Filebeat and was greatly helped by someone on the team. However, as all things do, it spiraled into him helping me troubleshoot, and that isn't what he needs to do. So he pointed me here.
I am attempting to set up a local Filebeat that acts like a syslog receiver, following the instructions here: Syslog input | Filebeat Reference [7.12] | Elastic and Configure the output | Filebeat Reference [7.12] | Elastic.
When I add those configurations to my filebeat.yml I see the local syslog traffic in Elastic, but I am not seeing port 9000 (I also tried 514, but that didn't matter really) open to receive syslog logs from other systems. Is my understanding of that wrong? Or did I mess up somewhere?
Here are my filebeat.yml configs.
    - type: syslog
      protocol.udp:
        host: "localhost:9000"

      # Change to true to enable this input configuration.
      enabled: false

      # Paths that should be crawled and fetched. Glob based paths.
      paths:
        - /var/log/*.log

    output.elasticsearch:
      # Array of hosts to connect to.
      hosts: ["localhost:9200"]
      username: "[redacted]"
      password: "[Redacted]"
Again thank you for the help.