Hello guys,
I setup a Filebeat (7.9) on my ELK(7.9) and started receiving syslog messages. So far so good, everything is parsed and visualized successfully.
However I am facing problems, when I enable 2 different modules and both are listening for syslog data on the same port - UDP 514? The data cannot be differentiated correctly.
When I modify my module files to listen on different ports, everything is working.
Has anyone run into the same problem?
Denis
We aren't all guys 
The best option you have would be to add a tag using a conditional statement.
Hello Mark,
First I want to apologize.
I checked the documentation and test the processor - add_tags. Successfully added tags, based on different condition.
The problem is when, this data is parsed from the modules.
In example, how to tell to Cisco module to look only for specific data, coming on port UDP/514 and to parse only this?
Thanks,
Denis
That is just an example, you can call that whatever you want.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.