PaloAltoNetworks / SafeNetworking

Read only mirror. To contribute or submit issues, please go to the website link --->
https://gitlab.com/panw-gse/as/SafeNetworking/
Apache License 2.0

Remove TCP inputs for all NGFW logging in pipelines #64

Closed punisherVX closed 5 years ago

punisherVX commented 5 years ago

As of 3.5, with the pipelines set up to accept both TCP and UDP streams on the same port, logstash will fill up the /var/logstash/-events-errors-.log files. This is because if nothing is being sent via TCP, the NGFW still sends an abnormal message to the logstash server through TCP on port 5514/5516 and all of those messages wind up in the file and it fills the filesystem if there are enough of them.
We don't need TCP for syslog, so it needs to be removed from all pipelines and it won't be a problem anymore.

zube[bot] commented 5 years ago

sdndude said: This is fixed in commit 8fb9e8a
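
A check for leftover TCP listeners, as an added example that is not part of this issue thread or the SafeNetworking code: it parses Logstash pipeline text and reports which ports still have a `tcp` input and which of those also have a `udp` input. The sample pipeline is constructed, the function names are hypothetical, and the parser assumes no braces or `#` characters inside quoted strings.

```python
import re

# Constructed sample pipeline (not taken from the SafeNetworking repository):
# a syslog listener that accepts TCP and UDP on the same port.
SAMPLE_PIPELINE = """
input {
  tcp { port => 5514 type => "syslog" }   # the listener the issue removes
  udp {
    port => 5514
    type => "syslog"
  }
  udp { port => 5516 }
}
filter { mutate { add_tag => ["ngfw"] } }
output { stdout { } }
"""

PLUGIN = re.compile(r"(\w+)\s*\{")

def _block_end(text, open_idx):
    """Index just past the brace that closes the '{' at text[open_idx]."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return i + 1
    raise ValueError("unbalanced braces in pipeline config")

def list_inputs(conf):
    """Return [(plugin, port), ...] for every plugin in an input { } section."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments
    found = []
    for section in re.finditer(r"\binput\s*\{", conf):
        body = conf[section.end():_block_end(conf, section.end() - 1) - 1]
        pos = 0
        while (plugin := PLUGIN.search(body, pos)):
            pos = _block_end(body, plugin.end() - 1)
            port = re.search(r"\bport\s*=>\s*(\d+)", body[plugin.end():pos])
            found.append((plugin.group(1), int(port.group(1)) if port else None))
    return found

def tcp_ports(conf):
    """Ports that still have a tcp input."""
    return sorted({p for name, p in list_inputs(conf) if name == "tcp" and p})

def shared_tcp_udp_ports(conf):
    """Ports with both tcp and udp inputs, the setup described in the issue."""
    udp = {p for name, p in list_inputs(conf) if name == "udp"}
    return [p for p in tcp_ports(conf) if p in udp]
```

Run `tcp_ports` over each pipeline file after the change; an empty list means no TCP syslog listener remains in that pipeline.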