This article shows how to use the Linux logger utility to test for UDP connectivity to Cribl Stream.
Issue
Customers commonly run into network connectivity issues when trying to send traffic to their Cribl Stream Workers. The majority of cases can be attributed to one or more of the following:
- Firewall / ACL blocking
- Proxy usage that is not configured or misconfigured
- DNS resolution problems
- Invalid or inaccessible routes
While these are complex enough to diagnose, troubleshooting UDP traffic problems can be even more difficult as it is a connectionless protocol. One aid in troubleshooting is to use a tool like logger to send test traffic to Cribl.
Usage
Make sure your Cribl Worker(s) are online and the syslog source is properly configured. Check that any enabled firewalls and policies on the Worker allow the inbound traffic (not necessary if using Cribl Cloud Workers). Once confirmed, run the following command from a test system:
logger --udp -n <worker name or host or IP> -P <port> '<Your test message>'
For example, when using Cribl Cloud, a test sent to the 'default' group might look like this:
logger --udp -n default.main.your-environ-name.cribl.cloud -P 9514 'My test message'
Run a capture on the Worker Group before running the test. If successful, the message should appear in the capture.
With the internal fields option enabled, the event shows the __srcIpPort field, which includes the protocol and address of the sending system, confirming successful delivery to Cribl.
To narrow down potential issues, try the test from different sources if possible, such as:
- The Worker itself (if you are managing the Worker) to its local 127.0.0.1 address
- A system that is on the same network as the problematic source(s)
- A system that is NOT on the same network
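When testing from several sources, it helps if each probe carries a unique marker so it can be identified in the capture. The following shell functions are an added example, not part of the original article or Cribl's tooling; the function names, the probe format and the use of getent for the DNS pre-check are assumptions.

```shell
# Added example; function names and the probe format are assumptions.
# Assumes a Linux test system with util-linux logger and getent.

# Build a message unique to this run that names the vantage point and host,
# so each source's probe can be told apart in the capture.
probe_message() {
    printf 'udp-probe label=%s host=%s id=%s-%s' \
        "$1" "$(uname -n)" "$(date +%s)" "$$"
}

# Accept only a decimal port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# send_probe <worker host or IP> <port> <label>
send_probe() {
    target=$1 port=$2 label=$3
    valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }
    # Resolve names first so a DNS failure is reported as such
    # instead of looking like a dropped datagram.
    case "$target" in
        *[!0-9.]*)
            getent hosts "$target" >/dev/null ||
                { echo "cannot resolve: $target" >&2; return 3; } ;;
    esac
    msg=$(probe_message "$label")
    logger --udp -n "$target" -P "$port" "$msg" || return 4
    # UDP is unacknowledged: success here only means the datagram was sent.
    # Delivery is confirmed by finding this text in the capture.
    echo "sent: $msg"
}

# Usage, once per vantage point:
#   send_probe 127.0.0.1 9514 worker-local
#   send_probe default.main.your-environ-name.cribl.cloud 9514 other-net
```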
Summary
Needing to troubleshoot network issues when sending data to Cribl Stream is fairly common. Use tools like logger to assist with diagnosing and eliminating potential causes.