Elastic Stack as a syslog relay?

s.essa · October 6, 2017, 2:31pm

Hello, I am completely new to the Elastic Stack and was wondering if the following was possible:

I want to use the Elastic stack for log collection, forensics and as a relay to LogRhythm for specific use cases. I was wondering if this was possible, anybody has tried this and what problems they may have encountered.

A key requirement would be preservation of the original log, ideally we would like to forward specific logs to Logrhythm unprocessed.

Is there a way to forward logs from ELK to Logrhythm? Preferrably raw logs (preserving original source, destination, timestamp, etc).

Thanks

warkolm · October 6, 2017, 9:46pm

I commented on your other thread as well.

But Logstash will wrap the original event in some meta fields, like time received and a few other things. So it won't be the original message being forwarded.

s.essa · October 10, 2017, 1:30pm

Thanks for the info Mark, I'll look into the config file as well.

Is there a way to know just how each packet is changed?

Thanks again,
Sam

warkolm · October 10, 2017, 9:18pm

Easiest way is to push a message through with no filters.

Topic		Replies	Views
Log Forwarding Capabilities Logstash	5	2292	June 29, 2023
Raw message output Logstash	1	575	April 8, 2021
Logstash sends the log to elasticsearch and Syslog-ng or rsyslog(multiple outputs) which keeps the original log Logstash	8	1441	March 10, 2022
Collect Network Device Data - Req Keep Raw and Feed Into Elastic Logstash	4	1202	July 6, 2017
Native logs in ElK stack Elasticsearch	3	877	July 5, 2017

Elastic Stack as a syslog relay?

Related topics