Receiving Multicast syslog data


(Wil) #1

I am having trouble trying to receive syslog data that is being sent to a multicast address.

Current setup is this:
An Ubuntu PC with rsyslogd configured to send syslog data to a multicast address:
`*.* @239.4.4.4:9211`
Note that if I use a unicast address, all works well with the standard syslog input:
`*.* @192.168.0.100:9211`

I can verify with Wireshark that the machine with Logstash running on it is receiving the multicast traffic; however, I cannot determine a setup for Logstash that will allow ingestion of this multicast traffic.

Has anyone run into something similar or been able to configure an input to receive multicast traffic?

Thanks.
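A diagnostic listener for the setup described above, added here as an example that is not part of the original post or of Logstash: it joins the group with `IP_ADD_MEMBERSHIP`, which a UDP socket must do before the kernel delivers multicast datagrams to it, and decodes the syslog PRI of each datagram. The group and port are the ones from the post; the function names and the `0.0.0.0` interface default are assumptions.

```python
import socket

GROUP, PORT = "239.4.4.4", 9211  # multicast group and port taken from the post
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def membership_request(group, iface_ip="0.0.0.0"):
    """Build the ip_mreq value for IP_ADD_MEMBERSHIP: group address + local interface.
    iface_ip is an assumed default; 0.0.0.0 lets the kernel pick the interface."""
    return socket.inet_aton(group) + socket.inet_aton(iface_ip)


def parse_pri(datagram):
    """Return (facility, severity, rest) for a '<PRI>...' syslog datagram, else None."""
    text = datagram.decode("utf-8", errors="replace")
    if not text.startswith("<"):
        return None
    end = text.find(">", 1, 5)  # PRI is at most three digits
    digits = text[1:end] if end != -1 else ""
    if not (digits.isascii() and digits.isdigit()):
        return None
    pri = int(digits)
    if pri > 191:  # highest valid value: facility 23, severity 7
        return None
    return pri >> 3, SEVERITIES[pri & 7], text[end + 1:]


def open_listener(group=GROUP, port=PORT, iface_ip="0.0.0.0"):
    """Bind a UDP socket to the port and join the multicast group on iface_ip."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("", port))
    # Without this join the kernel does not hand group traffic to the socket,
    # even when a packet capture on the same host shows it arriving.
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP,
                    membership_request(group, iface_ip))
    return sock


if __name__ == "__main__":
    listener = open_listener()
    while True:
        data, (src, _) = listener.recvfrom(65535)
        print(src, parse_pri(data) or ("unparsed", data[:80]))
```

If this prints datagrams from the rsyslog host, the multicast path and group join work at the OS level and the remaining gap is in the Logstash input configuration.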

