I was able to install Logstash on the Ubuntu server.
Then I configured the syslog.conf file to send the traffic to Elasticsearch (installed on the same server).
Then I tried to restart the Logstash service, but it would not restart and the Logstash service was down.
The syslog data traffic is arriving at Logstash in CEF format.
The syslog.conf file is as below:
input {
  tcp {
    # Port 514 is a privileged port; binding it needs root or CAP_NET_BIND_SERVICE.
    port => 514
    type => "syslog"
    # Each CEF event on the TCP stream is terminated by CRLF.
    codec => cef { delimiter => "\r\n" }
  }
}
filter {
}
output {
  if [type] == "syslog" {
    stdout { codec => rubydebug }
    elasticsearch {
      hosts => "localhost:9200"
      user => "elastic"
      password => "XXXXXXX"
      http_compression => true
      index => "syslog-%{+YYYY.MM.dd}"
    }
  }
}
I'm using ELK version 7.10.1.
logstash log:
elasticsearch log:
Thank You!
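As an added illustration (not part of the original post or of Logstash's own code), the following Python parser splits a CRLF-delimited TCP stream into CEF events and decodes the header and extension fields, so the incoming syslog traffic can be checked offline before it is sent to the pipeline above. The sample messages, vendor name and field values are constructed for this example.

```python
import re

# The seven pipe-delimited CEF header fields, in order.
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")

# Escapes allowed in CEF: '\|' and '\\' in the header, '\=', '\\', '\r', '\n' in extensions.
_UNESCAPE = {"|": "|", "\\": "\\", "=": "=", "r": "\r", "n": "\n"}

def _unescape(raw):
    return re.sub(r"\\(.)", lambda m: _UNESCAPE.get(m.group(1), m.group(0)), raw, flags=re.S)

def _split_header(text):
    """Return the 7 header fields and the remaining extension string."""
    fields, cur, i = [], [], 0
    while i < len(text) and len(fields) < 7:
        ch = text[i]
        if ch == "\\" and i + 1 < len(text) and text[i + 1] in "|\\":
            cur.append(text[i + 1]); i += 2; continue      # escaped pipe or backslash
        if ch == "|":
            fields.append("".join(cur)); cur = []; i += 1; continue
        cur.append(ch); i += 1
    if len(fields) < 7:
        raise ValueError("CEF header has fewer than 7 fields")
    return fields, text[i:]

# An extension key is a run of word characters followed by '=' at the start or after a space.
_EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_]+)=")

def _parse_extension(ext):
    """Parse 'key=value key=value'; values may contain spaces and escaped '=' characters."""
    out, matches = {}, list(_EXT_KEY.finditer(ext))
    for n, m in enumerate(matches):
        end = matches[n + 1].start() if n + 1 < len(matches) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end])
    return out

def parse_cef(line):
    """Parse one CEF event; anything before 'CEF:' (e.g. a syslog header) is kept as syslog_prefix."""
    idx = line.find("CEF:")
    if idx < 0:
        raise ValueError("not a CEF message")
    event = {"syslog_prefix": line[:idx].strip()}
    header, ext = _split_header(line[idx + len("CEF:"):])
    event.update(zip(HEADER_FIELDS, header))
    event["extension"] = _parse_extension(ext)
    return event

def parse_stream(data, delimiter="\r\n"):
    """Split a TCP stream on the delimiter, as the cef codec does with delimiter => "\\r\\n"."""
    return [parse_cef(chunk) for chunk in data.split(delimiter) if chunk.strip()]

# Constructed sample: two events as they would arrive on the TCP input (vendor name has an escaped pipe).
SAMPLE = ("<134>Jan 10 12:00:00 fw01 CEF:0|Vendor\\|Inc|FW|1.0|100|Blocked connection|5|"
          "src=10.0.0.5 dst=10.0.0.9 spt=51515 dpt=22 msg=path\\=/admin act=deny\r\n"
          "CEF:0|Vendor|FW|1.0|200|Login|3|suser=alice msg=ok\r\n")
```

Running `parse_stream(SAMPLE)` yields two event dictionaries; an event that raises ValueError here is one the cef codec would also flag as malformed.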