I'm replacing the existing syslog with an ELK setup.
I tried sending syslog messages from some devices; all messages are received by Logstash [syslog plugin] without any issue, EXCEPT those from the "Dell blade switch". I don't know why.
To make sure the packet sent by the switch at least reaches the syslog server, I ran "tcpdump". Below is the log:
13:46:42.557571 IP (tos 0x0, ttl 62, id 63117, offset 0, flags [none], proto UDP (17), length 160)
10.10.10.14.61564 > 10.11.12.169.514: SYSLOG, length: 132
Facility local7 (23), Severity notice (5)
Msg: Dec 26 08:17:02: TG-TES-ED-QWS-R1: %MXL-10/40GbE:0 %OFAGT-5-OFA_AGT_LOG: OFA: Registeration with OFM not completed, retrying...
0x0000: 4500 00a0 f68d 0000 3e11 01f5 0a15 6302 E.......>.....c.
0x0010: 0a0b 0ca9 f07c 0202 008c 41d7 3c31 3839 .....|....A.<189
0x0020: 3e44 6563 2032 3620 3038 3a31 373a 3032 >Dec.26.08:17:02
0x0030: 3a20 5047 2d4c 4153 2d44 432d 4d58 4c2d :.TG-TES-ED-QWS-
0x0040: 5231 3a20 254d 584c 2d31 302f 3430 4762 R1:.%MXL-10/40Gb
0x0050: 453a 3020 254f 4641 4754 2d35 2d4f 4641 E:0.%OFAGT-5-OFA
0x0060: 5f41 4754 5f4c 4f47 3a20 4f46 413a 2052 _AGT_LOG:.OFA:.R
0x0070: 6567 6973 7465 7261 7469 6f6e 2077 6974 egisteration.wit
0x0080: 6820 4f46 4d20 6e6f 7420 636f 6d70 6c65 h.OFM.not.comple
0x0090: 7465 642c 2072 6574 7279 696e 672e 2e2e ted,.retrying...
It clearly shows that the packet reaches the Logstash "syslog" input filter port. But I don't know why it was not logged in the file.
For testing, I sent a message from a Cisco switch/router to the same syslog input filter, and it was logged successfully.
My only doubt is why the Logstash input plugin is unable to receive these log messages [I EVEN tested UDP as well].
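
An added example, not part of the original post: a small Python check that decodes the `<189>` PRI seen in the capture and compares the payload's header with the RFC 3164 layout (`<PRI>Mmm dd hh:mm:ss HOSTNAME ...`). The function name, the regexes and the second sample are assumptions made for illustration; this is not Logstash's own parsing logic, and it only reports how the datagram is laid out.

```python
import re

# Payload from the post: the "Msg:" text of the tcpdump output, prefixed with
# the <189> PRI that is visible in the hex dump.
CAPTURED = ("<189>Dec 26 08:17:02: TG-TES-ED-QWS-R1: %MXL-10/40GbE:0 "
            "%OFAGT-5-OFA_AGT_LOG: OFA: Registeration with OFM not completed, "
            "retrying...")
# Constructed sample in the plain RFC 3164 layout, for comparison only.
CONSTRUCTED = "<189>Dec 26 08:17:02 sw1 ofagt: registration retry"

PRI_RE = re.compile(r"<(\d{1,3})>")
TS_RE = re.compile(r"[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}")
HOST_RE = re.compile(r" ([^\s:]+) ")


def check_syslog(payload):
    """Decode PRI and report whether the header follows RFC 3164."""
    out = {"facility": None, "severity": None, "host": None,
           "rfc3164_header": False, "problem": None}
    pri = PRI_RE.match(payload)
    if not pri or int(pri.group(1)) > 191:
        out["problem"] = "missing or invalid <PRI>"
        return out
    # PRI = facility * 8 + severity
    out["facility"], out["severity"] = divmod(int(pri.group(1)), 8)
    ts = TS_RE.match(payload, pri.end())
    if not ts:
        out["problem"] = "no 'Mmm dd hh:mm:ss' timestamp after <PRI>"
        return out
    host = HOST_RE.match(payload, ts.end())
    if not host:
        # Show the character that follows the timestamp instead of a space.
        nxt = payload[ts.end():ts.end() + 1]
        out["problem"] = "timestamp followed by %r, expected ' HOSTNAME '" % nxt
        return out
    out["host"] = host.group(1)
    out["rfc3164_header"] = True
    return out


if __name__ == "__main__":
    for name, sample in (("captured", CAPTURED), ("constructed", CONSTRUCTED)):
        print(name, check_syslog(sample))
```

The facility and severity it decodes for the captured payload match the `local7 (23)` / `notice (5)` that tcpdump printed.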