Filebeat UDP input problem setting up on Windows

Hello,

Trying to send some syslog to a Filebeat running on my Windows 10 device. Filebeat configuration:

- type: udp
  max_message_size: 10KiB
  host: "localhost:10514"
  pipeline: filebeat-pfsense

Now although I can see the syslog coming in with Wireshark:

image.png1040×56 2.16 KB

Windows Firewall is off. Enabled debug in filebeat.yml

Relevant logs:

2019-09-22T20:55:48.089+0200	INFO	input/input.go:114	Starting input of type: udp; ID: 10874948813930738873 
2019-09-22T20:55:48.089+0200	INFO	crawler/crawler.go:106	Loading and starting Inputs completed. Enabled inputs: 1
2019-09-22T20:55:48.089+0200	INFO	udp/input.go:102	Starting UDP input
2019-09-22T20:55:48.092+0200	INFO	[udp]	udp/server.go:81	Started listening for UDP connection	{"address": "localhost:10514"}
2019-09-22T20:58:18.101+0200|DEBUG|[input]|input/input.go:152|Run input|
2019-09-22T20:58:28.101+0200|DEBUG|[input]|input/input.go:152|Run input|
2019-09-22T20:58:38.102+0200|DEBUG|[input]|input/input.go:152|Run input|

Someone any idea why the syslog is not ingested in elasticsearch? Other logs I added work fine. Simulating my pipeline also works fine. What does "Run input" mean?

Anyone any idea what I'm doing wrong?

Willem

Perhaps try the IP address of the filebeat host not localhost since that is usually tied to loopback example

host: "192.168.1.101:10514"

Hello Stephen,

Thank you very much for the suggestion, logs are indexed as expected atm!

Willem

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.