syslog output to ALB showing TCP endpoint errors
I'm working with our security team who's wanting me to send events to his AWS ALB syslog destination which has multiple syslog nodes behind it.
He's getting events, but the cribl UI is consistantly showing the destination as experiencing issues. It's going through a loop of successfully establishing a connection, 1 minute later the sender disconnects it, 1 minute later it restablishes
I do not experience this same thing when I use a non-loadbalanced syslog destination.
Does anyone have thoughts on how to resolve or even troubleshoot this? Would using TLS help?