Unable to capture the syslog events from port 514

I have logs from all my devices being pushed to my server on port 514, and I am able to see them in tcpdump, as below:

[root@localhost config]# tcpdump -i eno1 port 514 -vvvv
2:20:03.035727 IP (tos 0x0, ttl 28, id 22525, offset 0, flags [none], proto UDP (17), length 189)
10.0.1.227.syslog > localhost.localdomain.syslog: [udp sum ok] SYSLOG, length: 161
Facility local7 (23), Severity info (6)
Msg: Jun 20 19:22:01.161 UTC: 10.240.12.197:8514 764: xxxxx:Jun 20 19:22:01.161 UTC: exec[67401]: %SECURITY-LOGIN-6-CLOSE : User 'xxxxxx' logged out \0x0a

However, when I use the Logstash config below, I am unable to see the logs:
input {
  syslog {
    type => "syslog"
  }
}
output {
  stdout { codec => rubydebug }
}

I am even running Logstash as the root user, with ./logstash -f logstash.conf, to rule out the privileged port issue.

Please help me in debugging this further.
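
One way to check whether the datagrams seen in tcpdump actually reach a listening socket, as an added example that is not part of the original post: tcpdump captures inbound packets before the host firewall filters them, so a capture alone does not prove delivery. The names `decode_pri`, `listen` and `receive_one` and the sample datagram are constructed for this example; it assumes Logstash is stopped so that UDP port 514 is free.

```python
import socket

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# Constructed sample, modelled on the redacted Msg line in the capture above.
SAMPLE = (b"<190>Jun 20 19:22:01.161 UTC: exec[67401]: "
          b"%SECURITY-LOGIN-6-CLOSE : User 'xxxxxx' logged out \n")


def decode_pri(datagram):
    """Split a leading <PRI> into (facility, severity, rest); None if malformed."""
    end = datagram.find(b">", 1, 5)  # PRI is 1-3 digits, so '>' sits at index 2..4
    if not datagram.startswith(b"<") or end == -1:
        return None
    digits = datagram[1:end]
    if not digits.isdigit() or int(digits) > 191:
        return None
    pri = int(digits)
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], datagram[end + 1:]


def listen(host="0.0.0.0", port=514):
    """Bind a UDP socket; raises OSError if the port is in use or not permitted."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    return sock


def receive_one(sock, timeout=10.0):
    """Return (source_ip, decode_pri result) for one datagram, or None on timeout."""
    sock.settimeout(timeout)
    try:
        data, (src, _port) = sock.recvfrom(65535)
    except socket.timeout:
        return None
    return src, decode_pri(data)


if __name__ == "__main__":
    try:
        rx = listen()
    except OSError as exc:
        raise SystemExit(f"cannot bind udp/514: {exc}")
    got = receive_one(rx)
    print("no datagram reached the socket" if got is None else got)
```

A timeout while tcpdump is still showing traffic points at filtering between the interface and the socket, while a bind error means another process already holds the port.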
