Not seeing data on "Live data" on Syslog Source.

Kyle McCririe Posts: 29 ✭✭

Hi, I am not seeing data come in on a Syslog Source I am setting up. But I do see the syslog data coming into the Worker with a TCP Dump.

The worker OS is RHEL 9.

Best Answer

  • Franky Laarits Posts: 59 ✭✭
    Answer ✓

    Hi Kyle!
    I've seen this in the past where a local firewall was preventing the data from flowing. The interesting thing is that 'tcpdump' is capturing packets before they touch the firewall, so it makes sense you can see the data here.

    A quick and dirty test would be to disable the local firewall and see if the syslog events begin to flow. You should be able to use a command such as:

    "systemctl stop firewalld"

Answers

  • Kyle McCririe Posts: 29 ✭✭

    I was able to stop the Firewalld service and data is now flowing!!
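
With the firewall confirmed as the cause, the narrower follow-up is to allow only the Syslog Source's listener port instead of leaving firewalld stopped. The script below is an added example, not part of the original thread: it checks a port against the output of `firewall-cmd --list-ports`; port 9514, the sample rule list and the function names are constructed assumptions.

```bash
#!/bin/sh
# Added example: decide whether a syslog listener port is permitted by firewalld,
# given the text printed by `firewall-cmd --list-ports`.
# Port 9514 is a constructed value; use the port your Syslog Source listens on.

# port_allowed PORT PROTO "LIST" -> exit status 0 if PORT/PROTO is covered by LIST.
# LIST is space-separated entries such as "514/udp 9000-9100/tcp".
port_allowed() {
    local port="$1" proto="$2" list="$3" entry range lo hi
    for entry in $list; do
        [ "${entry##*/}" = "$proto" ] || continue   # protocol must match
        range=${entry%/*}                           # strip "/tcp" or "/udp"
        lo=${range%-*}                              # "9000-9100" -> 9000, "514" -> 514
        hi=${range#*-}                              # "9000-9100" -> 9100, "514" -> 514
        if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then
            return 0
        fi
    done
    return 1
}

# Constructed sample of `firewall-cmd --list-ports` output.
SAMPLE_PORTS="514/udp 9000-9100/tcp"

# check_and_report PORT PROTO "LIST": print the verdict and, if blocked, the narrow fix.
check_and_report() {
    if port_allowed "$1" "$2" "$3"; then
        echo "$1/$2: allowed by firewalld"
    else
        echo "$1/$2: not allowed; tcpdump would still show the packets arriving"
        echo "  firewall-cmd --permanent --add-port=$1/$2 && firewall-cmd --reload"
    fi
}

# On the worker itself, feed the live rule set instead of the sample:
#   check_and_report 9514 tcp "$(firewall-cmd --list-ports)"
check_and_report 9514 tcp "$SAMPLE_PORTS"
check_and_report 9050 tcp "$SAMPLE_PORTS"
```

`firewall-cmd --list-ports` shows only ports added explicitly to the default zone, so a port opened through a service definition or in another zone will not appear in its output.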