Im wondering if its possible to run a logstash service listening on port 514 and forward external syslog data to elastic through it. My issue is that I have SANs and switches that won't let me specify a non-standard (IE not 514) port for remote syslog.
Am I thinking about this incorrectly? Do I still need to run a local (r)syslog instance and forward from that to logstash?
It is possible. There are pros and cons. The internet has a few articles on doing this.
Be aware of RFC compliance though.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.