EFK, ELK Stack Port issues

September 16, 2014

Hello All,

I am hoping someone can point me in the right direction. I have set up a number of VMs inside ESXi, from Ubuntu Server to CentOS, running both EFK and ELK.

Currently I am running EFK on a 14.4 server, and sending logs for the localhost works without issue.

My problem is when attempting to ship logs from a Windows host (using nxlog) to my EFK VM.

I know the nxlog config is fine, as when using netcat on the VM (nxlog configured for TCP)

sudo nc -l 5140

I can see the Windows events coming in from the Windows host to the VM via my SSH connection running the nc command.

With the below config my understanding is that this should now be listening on UDP 5140 (I have tried so many configs).

However, when doing

sudo netstat -tapen | grep ":5140"

nothing is listening on 5140.


 <source>
   type syslog
   port 5140
   tag windowslog
 </source>
 <match windowslog.**>
   type stdout
 </match>

So, in short, can you please help me to get Fluentd to listen on a port over TCP so I can ship logs?

  • Apologies, the above config was from when I was doing some testing (stdout) to see if it would write the events to a log.

    My end game is to ship the logs over TCP.
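The two facts the post runs into are that Fluentd's syslog input listens on UDP unless told otherwise, and that netstat's -t switch lists only TCP sockets, so a UDP listener on 5140 never shows up in "netstat -tapen". The configuration below is an added example, not the poster's file or anything shipped by the Fluentd project; it assumes a Fluentd release whose in_syslog input accepts the protocol_type parameter, and it keeps the stdout output from the post so the events can be seen in the Fluentd log first.

```conf
# Added example (not the poster's config): Fluentd syslog input on TCP 5140.
# Assumes in_syslog supports protocol_type (udp/tcp) in the installed release.
<source>
  type syslog
  port 5140
  bind 0.0.0.0        # accept connections from other hosts, not only localhost
  protocol_type tcp   # default is udp; nxlog on the Windows host is configured for TCP
  tag windowslog
</source>

<match windowslog.**>
  type stdout         # testing only; replace with the Elasticsearch output once events arrive
</match>
```

After saving the file (/etc/fluent/fluent.conf for the gem install, /etc/td-agent/td-agent.conf for td-agent) and restarting the daemon, check both protocols at once with "sudo netstat -tulpen | grep ':5140'": a tcp line confirms the listener above, and a udp line means the input is still on its default protocol.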

