TCP input failed with Checkpoint syslog integration

Elastic Stack Beats
,
1

Hi
I've been unable to setup the Checkpoint Elastic integration due to this error.

[elastic_agent.filebeat][error] Input 'tcp' failed with: context canceled

Settings:
Integration info:
logfile: disabled
UDP: disabled

TCP:

  • Syslog Host: 0.0.0.0 or localhost or (10.x.x.x)
  • Syslog Port: 9001 or 5514
  • All other settings default

Platform info:
Elastic Agent 8.7.1 - Installed on Red Hat Enterprise Linux release 9.1 Using rpm package

Also reproduced the error with docker-elastic-agent-8.7.1, docker-elastic-agent-complete-8.7.1, docker-elastic-agent-8.7.0

Elastic Agent inspect: IP address has been obfuscated

- data_stream:
    namespace: default
  id: tcp-checkpoint-4ac55184-d551-4520-85bf-ce913c5afda4
  meta:
    package:
      name: checkpoint
      version: 1.19.0
  name: checkpoint
  package_policy_id: 4ac55184-d551-4520-85bf-ce913c5afda4
  revision: 4
  streams:
  - data_stream:
      dataset: checkpoint.firewall
      type: logs
    fields:
      _conf:
        tz_offset: UTC
    fields_under_root: true
    host: 10.x.x.x:9001
    id: tcp-checkpoint.firewall-4ac55184-d551-4520-85bf-ce913c5afda4
    processors:
    - add_locale: null
    publisher_pipeline.disable_host: true
    ssl: null
    tags:
    - forwarded
  type: tcp
  use_output: default
2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.