I am using Winlogbeat to send log files from a Windows box to Logstash. My Logstash is collecting Linux syslogs over port 514, forwarding them to a local NGINX service that will then forward them to our SIEM syslog server (this piece works). I was wondering if anyone knows whether I can use the same port 514 to receive Winlogbeat traffic. I think there is some additional configuration required in the Logstash file for Winlogbeat traffic, but I was not sure. Please advise.
You cannot send Winlogbeat events directly over syslog as it only supports Elasticsearch/Logstash/Kafka/Redis/File as outputs. You would need to configure the beats input in Logstash to receive the data from Winlogbeat. Then you can have Logstash forward the data to wherever you need it to go.
Thank you!
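A Logstash pipeline sketch of the setup described in the answer above, added here as an illustration and not taken from either poster's configuration. The port numbers other than 514, the tags, the relay address and the `json_lines` output format are assumptions; 5044 is only the conventional Beats port.

```logstash
# Added example. Hosts, ports (other than 514), tags and the output
# format are placeholders chosen for illustration.
input {
  # Existing Linux syslog listener on 514, as described in the question.
  syslog {
    port => 514
    tags => ["linux_syslog"]
  }

  # Winlogbeat does not speak syslog; it uses the Beats (Lumberjack)
  # protocol, so it needs the beats input on its own port.
  # Matching winlogbeat.yml setting on the Windows host:
  #   output.logstash:
  #     hosts: ["logstash.example.internal:5044"]
  beats {
    port => 5044
    tags => ["winlogbeat"]
  }
}

output {
  # Route each stream separately so the downstream relay or SIEM can
  # apply the right parser. Both targets here are the assumed local
  # NGINX relay, on different placeholder ports.
  if "winlogbeat" in [tags] {
    tcp {
      host => "127.0.0.1"
      port => 10515
      codec => json_lines
    }
  } else {
    tcp {
      host => "127.0.0.1"
      port => 10514
      codec => json_lines
    }
  }
}
```

Restrict the Beats port at the firewall to the Windows hosts that run Winlogbeat, since anything that can reach it can submit events into the SIEM feed.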