I just updated to 6.4.0 from 6.3.1. Data is being received on UDP:514 from my firewalls. This data was indexed as syslog, but is now going into main. I have the \etc\apps\search\local\inputs.conf configured with:
[udp://514]
connection_host = ip
index = syslog
sourcetype = syslog
Is there any other location that I need to configure to get this data into the syslog index?
Thanks.