I have ELK running on a single server at this point in time. I also have rsyslog server running on this same host.
We have many network devices (Cisco Switches Routers/ASA's/etc.) in our environment. My requirement is that I need to gather data from all network devices, and store them in a centralized location. The 2nd requirement, is that the network admin require that the raw data/files be retained for historical purposes.
My question is: Can LogStash meet both of these requirements (Collecting and Storing the raw syslog files being sent from the devices on the local server AND parsing the logs and feeding them into Elastic)? Or, should I simply collect the log files on the host using rsyslog, and then point LogStash to the local files and have it parse them? My goal is to be as efficient as possible with getting data into Elastic AND storing the raw log files for historical reference.
I hope I have explained this well, and I certainly appreciate any comments/feedback.
Kind Regards,
Jeff