If you have a Syslog Source that is not ingesting messages, you can test it in the following ways:
-
Once the Syslog Source is configured, on the Collector host, verify that there is a Listen process on the configured port in the output of "netstat -na".
-
Push some data using netcat on to that port using a chat-like session. Netcat is a networking utility used for reading or writing from TCP and UDP sockets that has a simple interface. Netcat is not included with Windows by default, but you can download it from http://nmap.org/ncat.
ncat.exe -v <ip_address> 1514 ## for TCP port1514
ncat.exe -vu <ip_address> 1514 ## for UDP port 1514
- Then, check the Sumo Logic Search tab to make sure that the data pushed in the chat-like interface is available.
If the messages are available in the Sumo Logic Search tab, that would indicate the Syslog Source is working as expected. So the problem might be that data is not reaching the Syslog configured port from the original Syslog clients or from a load balancer, for example.
Also check the Use Receipt Time box next to the Start button. The Syslog source is configured to use UTC time by default. Because your test messages do not have a timestamp, Sumo Logic will interpret the logs as UTC, and the search won't include the results in the default Last 15 Minute timeframe.
Comments
1 comment
support access has been enabled on the account.
Please sign in to leave a comment.