Hi All,
Can ELK Stack able to configure remote syslog forwarding to another syslog server?
Kindly please advise.
Thanks.
The Elastic Stack cannot configure a syslog server, no.
You might be able to use Fleet to have Filebeat listen on the syslog port and send to another server though.
Do you mean, I want to forward the syslog from ELK to splunk or other SIEM product, it is not possible?
If possible, do you have any guidelines can share with me?
What exactly do you want to do?
Hi,
Currently, most of my syslog will be send over to ELK Stack via logstash / filebeat.
I want check, whether ELK Stack can forward another copy to remote syslog server (Such as, Splunk, another SIEM)?
If yes, what should I do to achieve that?
Thanks.
You can do that with Logstash, using the Elasticsearch input and the rsyslog output.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.