I'm trying to put together a system which is intended to tee everything arriving at an ELK system from all input types to an evidence store syslog platform. i.e everything processed by ELK also goes to a syslog in the raw before being processed.
My intended approach is to use the syslog output plugin of logstash, but the examples seem to suggest you have to associate it with each input type individually. Is there a way to introduce a catch-all which forces all logstash inputs to output to this additional syslog destination?