I see something in metrics.log when I send the message. (I have masked the IPs before posting). I still need to learn to read this log file But here are the messages.
10-13-2011 18:11:19.716 +0000 INFO Metrics - group=per_sourcetype_thruput, series="udp:33333", kbps=0.001229, eps=0.096774, kb=0.038086, ev=3, avg_age=0.000000, max_age=0
I only see this message once I send the message else this lines does not appear in the log file. Looks like universal forwarder is receiving the udp messages.
I also see this
10-13-2011 18:12:52.795 +0000 INFO Metrics - group=tcpout_connections, group1:XXX.XX.XX.XX:44444:0, sourcePort=8089, destIp=XXX.XX.XX.XX, destPort=44444, _tcp_Bps=54.57, _tcp_KBps=0.05, _tcp_avg_thruput=0.06, _tcp_Kprocessed=470, _tcp_eps=0.13
10-13-2011 18:12:52.795 +0000 INFO Metrics - group=udpin_connections, 33333, sourcePort=33333, _udp_bps=0.00, _udp_kbps=0.00, _udp_avg_thruput=0.00, _udp_kprocessed=0.00, _udp_eps=0.00
Do you have any idea what udpin_connections group is?
Do I have to define something else to let forwarder know that messages received from udp port should be forwarded to tcp:44444?
... View more