Filebeat UDP input problem setting up on Windows

willemdh · September 22, 2019, 7:22pm

Hello,

Trying to send some syslog to a Filebeat running on my Windows 10 device. Filebeat configuration:

- type: udp
  max_message_size: 10KiB
  host: "localhost:10514"
  pipeline: filebeat-pfsense

Now although I can see the syslog coming in with Wireshark:

The data is not ingested in elasticsearch..

Windows Firewall is off. Enabled debug in filebeat.yml

Relevant logs:

2019-09-22T20:55:48.089+0200	INFO	input/input.go:114	Starting input of type: udp; ID: 10874948813930738873 
2019-09-22T20:55:48.089+0200	INFO	crawler/crawler.go:106	Loading and starting Inputs completed. Enabled inputs: 1
2019-09-22T20:55:48.089+0200	INFO	udp/input.go:102	Starting UDP input
2019-09-22T20:55:48.092+0200	INFO	[udp]	udp/server.go:81	Started listening for UDP connection	{"address": "localhost:10514"}
2019-09-22T20:58:18.101+0200|DEBUG|[input]|input/input.go:152|Run input|
2019-09-22T20:58:28.101+0200|DEBUG|[input]|input/input.go:152|Run input|
2019-09-22T20:58:38.102+0200|DEBUG|[input]|input/input.go:152|Run input|

Someone any idea why the syslog is not ingested in elasticsearch? Other logs I added work fine. Simulating my pipeline also works fine. What does "Run input" mean?

Anyone any idea what I'm doing wrong?

Willem

stephenb · September 23, 2019, 5:01am

Perhaps try the IP address of the filebeat host not localhost since that is usually tied to loopback example

host: "192.168.1.101:10514"

willemdh · September 23, 2019, 5:10pm

Hello Stephen,

Thank you very much for the suggestion, logs are indexed as expected atm!

Willem

system · October 21, 2019, 5:10pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.