Aria Operations for Logs are not sending the tag to the syslog endpoint after setting the tags under the Log Forwarding in Log Management.

Aria Operations for Logs 8.x

To check if the Aria Operations for Logs is sending the tags correctly, we will need to install tcpdump in the environment.

• SSH to the primary node of Aria Operations for Logs using the root user
• If Aria Operations for Logs has access to the internet, please run the command below to install tcpdump.

tdnf install tcpdump

• If Aria Operations for Logs has no access to the internet, please follow the KB: How to perform offline network packet capture in Photon OS
  • Please note that we only need to install the tcpdump. You can ignore the libpcap commands and file.
    
    
• Check if the logs are being forwarded to the syslog endpoint by running the command below.

tcpdump -v -s 0 -A dst <syslogserver_ipaddress> and dst port 514

If the tags are configured in Log Forwarding page under Log Management, you should be able to see the tags withint the log events being captured by the tcpdump.