I have been trying to set up the logstash output plugin to work with ssl-tcp, but I can't seem to get any community documentation on how to do this. A vendor provided me with their public certificate, but I simply can't find a way to implement this change so that I can write to an external syslog server. I have worked on the file below:
> input {
>   beats {
>     host => "0.0.0.0"
>     port => 5000
>     type => "logs"
>   }
> }
> filter {
>   if [type] == "system" {
>     grok {
>       match => [ "message", "%{SYSLOGLINE}" ]
>       overwrite => [ "message" ]
>     }
>   }
>   geoip { source => "src_ip" }
> }
> output {
>   syslog {
>     host => ["localhost"]
>     port => 2222
>     protocol => "ssl-tcp"
>     ssl_cacert => "/etc/ssl/certs/syslog-ng.cert"
>     severity => "informational,
>     emergency,
>     alert,
>     critical,
>     error,
>     warning,
>     notice,
>     debug"
>     facility => "syslogd,
>     security/authorization,
>     kernel,
>     user-level,
>     mail,
>     daemon,
>     line printer,
>     network news,
>     uucp,
>     clock,
>     ftp,
>     ntp,
>     log audit,
>     log alert,
>     clock"
>   }
> }
Can someone please assist with the setup?
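
Added example, not part of the original post: a `syslog` output block for the ssl-tcp case described above. It assumes the vendor's certificate is the CA (or self-signed server) certificate of the remote syslog endpoint; the host name is a placeholder, and the single `facility` and `severity` values are choices made for this example, since the plugin takes one value for each option.

```logstash
output {
  syslog {
    # Placeholder (assumption): replace with the vendor's syslog host name.
    host => "syslog.vendor.example"
    port => 2222
    protocol => "ssl-tcp"

    # Certificate used to validate the server; path taken from the post.
    ssl_cacert => "/etc/ssl/certs/syslog-ng.cert"

    # Peer verification is off by default in this plugin. Turn it on so the
    # connection is refused when the server's certificate does not chain to
    # the certificate above, instead of encrypting to an unverified peer.
    ssl_verify => true

    # One value per option (assumed choices for this example).
    facility => "user-level"
    severity => "informational"
  }
}
```

Running Logstash with `--config.test_and_exit` against the file checks the syntax and option values before any events are sent.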