Routerboard hexS, 7.23.1
Hi,
I use filebeat to parse firewall logs for my elasticsearch.
I've configured the system/logging accordingly by adding this remote action and mapped it to the firewall topic :
name="filebeat" target=remote remote=192.168.x.x remote-port=514 src-address=0.0.0.0 remote-log-format=cef remote-protocol=udp cef-event-delimiter="\r\n" syslog-time-format=bsd-syslog vrf=main
Each time the routerboard reboots (upgrade or whatever) filebeat says "dissect_parsing_error" as if log pattern have changed. I found this trick to fix the the problem: I change the remote-log-format to something else and then back up to cef, then filbeat is able to parse logs again.
This is really annoying
Thanks for your help