Our current firewall only supports syslog over UDP with port 514. I attempted to follow the Syslog Forwarding guidance in the documentation, exchanging TCP for UDP and specifying port 514/udp in the PublishPort line, but it doesn't seem to be working.
Specific things I changed:
Added integration for Custom UDP Logs instead of Custom TCP Logs
While configuring Custom UDP Logs, specified a listen port of 514 and a dataset name of udp.syslog
In /etc/containers/systemd/lme-fleet-server.container, I changed the PublishPort directive to PublishPort=8220:8220,514:514/udp
Created an rsyslog configuration /etc/rsyslog.d/60-forward-udp.conf with a forwarding directive of . @@my-lme-ip:514
Am I missing something? I'm not super familiar with rsyslog, podman, or elastic.
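In rsyslog's legacy forwarding syntax, a single `@` before the host sends over UDP and `@@` sends over TCP. The check below is an added example, not part of the original post or the LME project: it compares the transport of each forwarding line with the protocol on the published port. The function names are hypothetical, the sample inputs are constructed from the values quoted in the post, and the comma-separated `PublishPort` value is parsed as the post wrote it, assuming `hostPort:containerPort[/proto]` mappings with `tcp` as the default protocol.

```python
import re

# Constructed sample inputs mirroring the values quoted in the post above.
RSYSLOG_CONF = ". @@my-lme-ip:514\n"
PUBLISH_PORT = "PublishPort=8220:8220,514:514/udp"

# rsyslog legacy forwarding action: "@host:port" is UDP, "@@host:port" is TCP.
FORWARD_RE = re.compile(r"^\s*\S+\s+(@{1,2})([^\s:@]+)(?::(\d+))?\s*$")


def rsyslog_forwards(conf_text):
    """Return (transport, host, port) for each legacy forwarding line."""
    found = []
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        m = FORWARD_RE.match(line)
        if m:
            transport = "tcp" if m.group(1) == "@@" else "udp"
            found.append((transport, m.group(2), int(m.group(3) or 514)))
    return found


def published_ports(directive):
    """Return {(host_port, proto)} from a PublishPort= line (assumed format)."""
    ports = set()
    for mapping in directive.split("=", 1)[1].split(","):
        spec, _, proto = mapping.strip().partition("/")
        host_port = spec.split(":")[-2] if ":" in spec else spec
        ports.add((int(host_port), proto or "tcp"))
    return ports


def transport_mismatches(conf_text, directive):
    """List forwarding targets whose transport is not published on that port."""
    ports = published_ports(directive)
    problems = []
    for transport, host, port in rsyslog_forwards(conf_text):
        if (port, transport) not in ports:
            offered = sorted(p for n, p in ports if n == port)
            problems.append(f"{host}:{port} sent over {transport}, published: {offered or 'none'}")
    return problems


if __name__ == "__main__":
    for problem in transport_mismatches(RSYSLOG_CONF, PUBLISH_PORT):
        print(problem)
```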