Running logstash 7.3.0 as a docker container.
I have a UDP input receiving messages from some Cisco ASAs, and the host field is populating with the docker bridge network gateway address vs the firewall's IP.
Ruby debug output shows: "host" => "172.18.0.1",
I've been searching trying to see if anyone else has encountered this before. I can't seem to replicate the issue in my lab.
I've also done some sniffing and can see the traffic coming in to the host machine with the proper source IP.
How exactly does the host field get populated in logstash? Any suggestions are greatly appreciated!
I can't replicate this issue in a lab. I just updated to 7.3.1 and swapped out to different hardware. I'm going to try running logstash as a service on the host box as opposed to a docker container. I expect that to resolve the problem.