Issues accepting Push (Syslog/Raw UDP) from Packet Broker

Scott Rakow
GOAT Mind,

I am using a packet broker to aggregate my syslog data, then push it to Cribl Stream, which is running on Red Hat 9.

I have had to spoof the MAC on the NIC and give it the accepting IP address that the Packet Broker is expecting to send the data to. Next, I have had to modify kernel parameters so the data can be seen at the NIC.

I can see the data at the NIC via tcpdump and ngrep. However, neither of the Cribl Stream Sources (Syslog or UDP) is able to pick up the data, whether I use the specific IP for the NIC or leave it wide open (

I have gone as far as running SELinux in permissive mode and disabling firewalld, all with no luck with the source picking up the data.

Has anyone run into this issue and if so, how did they solve it?
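One way to narrow this down, as an added example that is not part of the original post or of Cribl: a bare UDP listener bound to the same IP and port the Cribl source uses. If datagrams arrive at this socket, the kernel is delivering them and the problem is in the Cribl source configuration; if tcpdump shows them but this socket never receives any, the kernel is discarding them before socket delivery (tcpdump captures promiscuously, so it sees frames the host does not accept). The IP and port on the command line are placeholders, and the loopback self-test uses a constructed syslog line.

```python
import socket
import sys

def parse_pri(payload: bytes):
    """Return (facility, severity) from a leading '<PRI>' syslog header, or None if absent/invalid."""
    if not payload.startswith(b"<"):
        return None
    end = payload.find(b">", 1, 5)           # PRI is at most 3 digits
    if end == -1 or not payload[1:end].isdigit():
        return None
    pri = int(payload[1:end])
    if pri > 191:                            # 23 facilities * 8 severities - 1
        return None
    return pri // 8, pri % 8

def make_listener(bind_ip: str, port: int) -> socket.socket:
    """Bind a UDP socket exactly as the Cribl source would (same IP and port)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((bind_ip, port))
    return sock

def receive_datagrams(sock: socket.socket, timeout: float, limit: int):
    """Collect up to `limit` datagrams or stop at `timeout`; returns (source_ip, (facility, severity), text) tuples."""
    sock.settimeout(timeout)
    received = []
    while len(received) < limit:
        try:
            data, (src_ip, _src_port) = sock.recvfrom(65535)
        except socket.timeout:
            break
        received.append((src_ip, parse_pri(data), data.decode("utf-8", "replace")))
    return received

def self_test(bind_ip: str = "127.0.0.1"):
    """Loopback check that the listener itself works before pointing it at the broker-facing NIC."""
    sock = make_listener(bind_ip, 0)         # port 0 = let the kernel pick a free port
    port = sock.getsockname()[1]
    msg = b"<134>Jan  1 00:00:00 host app: constructed test message"   # local0.info
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        tx.sendto(msg, (bind_ip, port))
    got = receive_datagrams(sock, 2.0, 1)
    sock.close()
    return got

if __name__ == "__main__":
    # usage: python udp_probe.py <BIND_IP_PLACEHOLDER> <PORT_PLACEHOLDER>
    bind_ip, port = sys.argv[1], int(sys.argv[2])
    for src, pri, text in receive_datagrams(make_listener(bind_ip, port), 10.0, 5):
        print(f"{src} pri={pri} {text.strip()}")
    print("done (no output above means nothing reached the socket in 10 s)")
```

Run it with the Cribl source disabled so the port is free; if nothing arrives while tcpdump still shows the packets, check whether the destination MAC/IP on the wire match what the host owns and whether reverse-path filtering (rp_filter) is dropping the broker's traffic.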