Syslog and Netflow Configuration Sample

[Sam Iland]

Hi All,

I am new to Fluentd and planning to use is in my environment to gather syslog and netflow for my OPNSense Firewall (Free BSD)

My Fluentd is installed on CentOS 7

I have reviewed several samples across the Internet but could not find a working sample.

I am thinking my configuration is incorrect... here is my sample configuration (refer to sample config)

The fluentd logs and service is showing up and running (refer to fluentd image)

The TCPdump from CentOS is able to see syslog but not Netflow (refer to tcpdump). 

There is no rules blocking in-between and I have set OPNsense (192.168.171.10) to push syslog and netflow to the CentOS (192.168.171.2) [refer to opnsense1 and opnsense2]

My aim for now is to have OPNSense to push its syslog and netflow to Fluentd and have Fluentd to create a readable logfile.

Any advise is welcomed.

-Sam Iland

[Mr. Fiber]

>  could not find a working sample.

What does this sentence mean?

Parse failure, can't receive data from your device or something?

Masahiro

--
You received this message because you are subscribed to the Google Groups "Fluentd Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fluentd+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Mr. Fiber]

I'm not famliar with OPNsense so I want to know direct syslog transfer works or not.

[Mr. Fiber]

in_syslog and in_netflow plugins are very simple.

listen udp(in_syslog also supports tcp) socket and parse incoming data.

So if fluentd can't receive any data from your device, network setting seems wrong, e.g. IPv4/IPv6 mismatch, host mismatch or something.