Logstash and permiscious mode - no data?


I have a problem.
The problem is partly described on: https://github.com/elastic/logstash/issues/9948

Logstash does not want to read the data sent in permiscious mode.

On the same system, tcpdump returns information about the data being sent to a specific udp port (say UDP/2002) to that system.

user@HOSTNAME:$ sudo tcpdump -i ens192 port 2002 -c 5
07:59:40.158066 IP > HOSTNAME.2002: UDP length 1415

Logstash has a standard configuration.

The pipeline has an input:

input {
  udp {
    port => 2002

In Logstash log/status there is information that Logstash is listening on a given port (example UDP/2002).

However, Logstash does not actually read any data.

I can specify the listening on a specific IP address from the interface (in Logstash pipeline - input/host) but this does not solve the problem.

What could be the problem?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.