Discuss the Elastic Stack

Filebeat multiple modules on single input syslog port

Elastic Stack Beats

Amol_Sahare (Amol Sahare) July 18, 2023, 2:17pm 1

Hi All,

I have installed filebeat Syslog input and received logs from multiple devices like Vmware Esx, Firewall, Unix, VCenter, Antivirus, etc.

Filebeat Yml file:
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}

output.logstash:
hosts: ["XXX.XXX.XX.XX:XXX"]
path:
data: ${sidecar.spoolDir!"C:\Program Files\Graylog\sidecar\cache\filebeat"}\data
logs: ${sidecar.spoolDir!"C:\Program Files\Graylog\sidecar"}\logs

filebeat.inputs:

type: syslog
enabled: true
keep_null: true
format: auto
timeout: 10
protocol.udp:
host: "0.0.0.0:514"
type: syslog
enabled: true
format: auto
timeout: 10
keep_null: true
protocol.tcp:
host: "0.0.0.0:514"

I want to use modules to parse all the logs using filebeat. Please let me know how to achieve this.

system (system) Closed August 15, 2023, 4:18pm 2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views	Activity
Filebeat log to multiple outputs like file and syslog Beats filebeat	8	4455	July 17, 2023
How can i have multiple inputs/outputs in a single filebeat.yml Beats filebeat	1	528	May 26, 2020
Filebeat only sends the first log input Beats filebeat	1	130	August 25, 2023
Filebeat drop_event module input Beats filebeat	4	901	November 25, 2020
Filebeat syslog input : enable both TCP + UDP on port 514 Beats filebeat	3	4649	May 19, 2020

© 2020. All Rights Reserved - Elasticsearch

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.