Does anyone know of a way that I can check if a system is reporting into my log server?
index=_internal host=hostname or IP
tcpdump
Syslog is normally UDP, so tcpdump will not work.
Too bad mine doesn't know it 😉
My fault, I just assumed TCPDUMP was for TCP only, but according to the manual it can look at UDP and ICMP as well. Bad name for the application 😉
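An added example, not part of the thread: a Python script that reads text output saved from `tcpdump -nn` on the log server and lists which expected hosts sent nothing to the syslog port, over UDP or TCP. The sample capture lines, the addresses, the function names and the use of port 514 are assumptions made for illustration.

```python
import re
from collections import Counter

# Address part of a `tcpdump -nn` line: "IP src.sport > dst.dport:"
FLOW = re.compile(
    r"\bIP6? (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+):"
)

def syslog_senders(lines, server, port=514):
    """Count packets per source address that were sent to server:port."""
    seen = Counter()
    for line in lines:
        m = FLOW.search(line)
        # Only traffic *to* the log server's syslog port counts; replies
        # from the server and unrelated traffic are ignored.
        if m and m["dst"] == server and int(m["dport"]) == port:
            seen[m["src"]] += 1
    return seen

def silent_hosts(lines, server, expected, port=514):
    """Return the expected hosts that never appear as a syslog sender."""
    seen = syslog_senders(lines, server, port)
    return sorted(h for h in expected if h not in seen)

# Constructed sample lines in `tcpdump -nn -tttt` text format.
SAMPLE = """\
2024-05-01 10:00:01.100000 IP 10.0.0.5.51514 > 10.0.0.10.514: SYSLOG authpriv.info, length: 98
2024-05-01 10:00:02.200000 IP 10.0.0.5.51514 > 10.0.0.10.514: SYSLOG daemon.notice, length: 120
2024-05-01 10:00:03.300000 IP 10.0.0.7.40022 > 10.0.0.10.514: Flags [P.], seq 1:120, ack 1, win 502, length 119
2024-05-01 10:00:03.300500 IP 10.0.0.10.514 > 10.0.0.7.40022: Flags [.], ack 120, win 509, length 0
2024-05-01 10:00:04.400000 IP 10.0.0.9.33211 > 10.0.0.53.53: UDP, length 45
2024-05-01 10:00:05.500000 ARP, Request who-has 10.0.0.10 tell 10.0.0.1, length 28
""".splitlines()

EXPECTED = ["10.0.0.5", "10.0.0.7", "10.0.0.9"]  # hosts that should be logging

if __name__ == "__main__":
    for host, count in sorted(syslog_senders(SAMPLE, "10.0.0.10").items()):
        print(f"{host}: {count} packet(s) to the syslog port")
    for host in silent_hosts(SAMPLE, "10.0.0.10", EXPECTED):
        print(f"{host}: nothing seen")
```

Matching on the destination port alone shows that packets arrived, not that the indexer accepted them, so the search on the log server remains the second half of the check.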