Syslog system?

  • Hi,
    I was wondering if someone could shed some light on this issue I have been having for the past 2 days.

    So I have pfSense sending logs to my ELK on port 5140. I know that Logstash is running. Also, when I run

    tail -f /var/log/logstash/logstash.stdout

    I get nothing, and I see the firewall logs running on pfSense. So for a second I thought it was my ELK machine, then I saw something odd in the syslog, something about a kernel boot file. I googled it, and a few places say the syslog was corrupt, so I reset my logs, but nothing: it still appears there.

    I was wondering if anyone had any ideas?

    Thank you

  • The logs you're showing are just the normal log output for when syslogd restarts, which it does after clearing the log file or putting in a syslog IP.

    Packet capture on LAN (assuming that's where your ELK server resides) port 5140, wait long enough for it to trigger some logs on its own, or go to Diag>Command and run 'logger test log'. Stop the capture, see traffic?

  • Hi, thank you for the reply. After troubleshooting over and over yesterday, I first verified with syswatcher to see if I'm getting the logs, which I was, so as soon as I saw that I knew the issue was ELK. As I thought, instead of looking it over I just formatted ELK, but instead of 5140 I changed Logstash to 5144 and it's working flawlessly.

    Thank you again

