Hi Team
I have really weird issue.
I have Filebeat configured to except logs on port 514, here is the input configurations:
filebeat.inputs:
-type: udp
enabled: true
max_message_size: 64KiB
host: "0.0.0.0:514"
Here are the logs from the Filebeat service logs:
As you can see the UDP listener is started, but no logs are being processed by the pipeline. There are no errors or warnings in the logs, even at the debug level.
We see that the Filebeat is listening on port 514
C:\Users\filebeatadmin>netstat -ano | findstr 514
UDP 0.0.0.0:514 : 1484
UDP [::]:514 : 1484
- We clearly see on Wireshark on this host that logs being sent to this port 514 continuously.
- We installed Kiwi server instead that also listen to logs on 0.0.0.0:514 UDP and we do see that logs are being indexed.
- When we configured the Kiwi service to except the logs on port 0.0.0.0:514 and send it to the Filebeat service to port 127.0.0.1:10514, and configured input on the Filebeat on port 127.0.0.1:10514 the Filebeat is accepting logs as expected.
This is really weird issue any help will be much appreciated!
Thanks in advanced