search

hartfordfive / protologbeat

Application accepting log data via TCP or UDP to then index the data in Elasticsearch
Other
27 stars 14 forks source link

TCP mode questions.. #15

Open r4ravi2008 opened 7 years ago

r4ravi2008 commented 7 years ago

I have been trying to forward the events using TCP mode, and the plugin seems to forward only the first TCP event it receives after establishing a TCP connection. How can I debug this? The debug mode doesn't seem to be of much help.

I tested this using ncat. And the plugin seems to send RST packet after receiving first packet.

Here is the config I am using:

protologbeat:
  address: "127.0.0.1"
  port: 25001
  max_msg_size: 65535
  protocol: tcp
output.logstash:
  # The Logstash hosts
  hosts: ["172.16.1.64:5044"]