Logstash can't handle quantity of logs?

Hello all,

I'm running Logstash 5.6.X in a CentOS 7 virtual machine with 2GB. Logstash is running with a conf.d file that makes it listen on port 5140 (since it can't start a UDP listener on port 514). The logs are being sent by a device to port 514 and are being successfully redirected by the socat application (I triple checked if they were being redirected).

The problem is, since July 25 we went from receiving 15-16 million logs a day from the device to receiving 300 thousand a day. The Logstash logs don't output any errors, and the Elasticsearch cluster has disk space and memory to spare.

Through tcpdump I listened on port 514 for a minute and we received 61439 UDP packets from the device address.

What could be the problem?
