No data in indices #351
-
Have you tried running tcpdump to confirm logs are being received/sent?
-
Here are the results
And in pfSense in Status > System Logs > General it says: Nov 6 16:41:18 | syslogd | | sendto: Host is down
-
@jeffprandall - based on the output provided above, you are sending pfSense logs via TCP. The base setup is configured for UDP. You can adjust pfSense to send via UDP.
-
@jeffprandall - I am not running pfSense and am unsure where that setting would reside. However, @revere521 might be able to share some insight on the topic. Additionally, to get you up and running, simply revise the 01-inputs.conf to listen on tcp vs udp, save and restart Logstash. Revised 01-inputs.conf below; once updated, restart Logstash and you should be good to go.
-
I feel like a noob here. Fresh Ubuntu 20 install, did all the steps, everything seems up and running, charts and templates all imported, OPNsense updated and forwarding the logs. Still no data. When I run ss -aunp I see something is listening on ports 5140 and 5141, but if I run nmap -sU -p 5140 192.168.2.15 from a remote computer it shows the port is closed. UFW is inactive.
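The transport mismatch discussed in this thread (firewall sending syslog over TCP while the listener is bound on UDP, or a UDP port reported as closed) can be checked from the sending side. This is an added example, not part of the thread or the project's code; the function names are hypothetical and the demo uses a constructed loopback listener instead of a real Logstash instance.

```python
import socket

PROBE = b"<134>probe: constructed test message"  # constructed sample, PRI 134 = local0.info

def probe_syslog_port(host, port, timeout=1.0):
    """Report what a syslog sender would hit on host:port for UDP and for TCP."""
    result = {}
    # UDP: connect() first so the kernel hands an ICMP port-unreachable back to us.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        u.settimeout(timeout)
        try:
            u.connect((host, port))
            u.send(PROBE)
            u.recv(1)  # a syslog listener never answers; we only wait for an error
            result["udp"] = "replied"
        except socket.timeout:
            # Nothing rejected the datagram: a listener is bound, or a firewall dropped it.
            result["udp"] = "no-rejection"
        except ConnectionRefusedError:
            # ICMP port unreachable came back: no UDP socket is bound on that address/port.
            result["udp"] = "closed"
        except OSError as exc:
            result["udp"] = f"error: {exc}"
    # TCP: a refused connect means the listener is not bound on TCP for this port.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as t:
        t.settimeout(timeout)
        try:
            t.connect((host, port))
            t.sendall(PROBE + b"\n")
            result["tcp"] = "accepted"
        except socket.timeout:
            result["tcp"] = "filtered"
        except ConnectionRefusedError:
            result["tcp"] = "closed"
        except OSError as exc:
            result["tcp"] = f"error: {exc}"
    return result

def demo():
    """Bind a UDP-only listener on loopback (stand-in for a UDP input) and probe it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener:
        listener.bind(("127.0.0.1", 0))  # ephemeral port, UDP only
        port = listener.getsockname()[1]
        return probe_syslog_port("127.0.0.1", port, timeout=0.5)

if __name__ == "__main__":
    print(demo())  # UDP is not rejected, TCP is refused: the mismatch from the thread
```

A "closed" UDP result from a remote host while `ss -aunp` shows a listener locally suggests checking which address the listener is bound to and whether anything between the hosts answers on its behalf.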