fluent
Unexpected Traffic on Port 3389 from Fluent Bit Pod in AWS VPC
Hello Fluent Bit Community, We have observed that a Fluent Bit pod in our AWS VPC is generating traffic on port 3389, which is typically associated with Remote Desktop Protocol (RDP). This is unexpected behaviour as Fluent Bit should not be using this port.
Steps Taken:
- Checked the pod configuration to ensure it is not explicitly set to use port 3389.
- Reviewed the logs of the Fluent Bit pod but found no relevant information.
- Analyzed AWS VPC Flow Logs to identify the source of the traffic. Despite these efforts, we are unable to determine why the Fluent Bit pod is generating traffic on port 3389. We need assistance in identifying the root cause and resolving this issue.
Request: • Guidance on how to further diagnose this issue. • Any known issues or configurations that might cause Fluent Bit to use port 3389. • Recommendations for resolving this unexpected behaviour.
- which image are you running and where you get it from?
- share your config map
Container image from Docker Hub: fluent/fluent-bit:3.0.6 Helm Chart from https://fluent.github.io/helm-charts fluent-bit:0.46.7
hereby attached ConfigMap
Still we observe that a Fluent Bit pod in our AWS VPC is generating traffic on port 3389, any leads please?
We see the same issue on our clusters - the underlying OS is Bottlerocket. Whilst https://github.com/bottlerocket-os/bottlerocket/issues/1386 looks to have been resolved - could there anything BR specific causing FluentBit to not get its value from net.ipv4.ip_local_port_range?
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days. Maintainers can add the exempt-stale label.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue was closed because it has been stalled for 5 days with no activity.