Hello, I'm having troubles configuring my linux forwarder. I've completed the setup as per documentation but I don't get any log on the SIEM. Any hint?
Troubles configuring linux forwarder
+5
Hi
@Antonino_La2
first of all I would recommend to validate that there isn't a firewall or web proxy blocking the traffic.
In addition, you can check the forwarder for logs - You can use this guide
https://cloud.google.com/chronicle/docs/install/forwarder-linux
the command would be : docker logs cfps --follow
+5
Hi
@shakedtal
thank you for your reply. I've followed the guide you attached. The container looks like it's working fine. Following the logs with docker logs -f cfps I get lot of logs like these:
488 syslog.go:396] Accepting new syslog TCP connection.
488 malchite.go.257] Batch (8, NIX_SYSTEM) successfully uploaded.
Already checked firewall/proxy configuration but nothing :(
Have you looked to see that the forwarder itself is receiving telemetry? Between two linux machines you can use netcat to push a string on a specific port, for example
+5I didn't check that but since this is a test the telemetry come from the same machine where the forwarder is running. I thought that the telemetry was successfully received due to the "Accepting new syslog TCP connection." line in the logs
If that's the case, you can go on the same machine and verify that the syslog folder has content.
Hi @Antonino_La2 I would recommend opening a support ticket to the team to take this forward. Please let me know if you have any additional questions.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.