I'm going to be deploying an ELK stack on a small to medium network very soon and have got my documentation and such all ready to go, but I was wondering about one thing.
I will be capturing syslog from routers/switches and NetFlow from specific devices, which means that for syslog it will be using UDP port 514. This is a privileged port, and Logstash cannot listen on it directly unless run as root.
I have been looking at a few solutions regarding it and found out that with Rsyslog and Redir you can send all files from whatever port to there, and it will redirect them with a higher port number to Logstash. Does anyone have experience with this?
Ubuntu Server 14.04
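The rsyslog relay approach from the question, written out as an added example (not from the original post): rsyslog, which starts as root, binds UDP 514 and forwards every message to Logstash on an unprivileged port. File paths, the port number 5514, and the loopback address are assumptions; adjust them if Logstash runs on another host.

```conf
# --- rsyslog side: /etc/rsyslog.d/10-forward-to-logstash.conf (assumed path) ---
# rsyslog is started by root, so it can bind the privileged port 514
# before Ubuntu's packaged config drops privileges to the syslog user.
module(load="imudp")
input(type="imudp" port="514")

# Relay every facility/severity to Logstash over UDP on a high port.
# A single "@" means UDP; "@@" would mean TCP.
*.* @127.0.0.1:5514

# --- Logstash side: /etc/logstash/conf.d/10-syslog.conf (assumed path) ---
# Logstash can bind 5514 as an unprivileged user, so no root is needed.
input {
  udp {
    port => 5514
    type => "syslog"
  }
}
```

Because rsyslog forwards with its default syslog header template, the hostname field Logstash parses is still the originating router or switch, but the UDP source address Logstash sees is the rsyslog host, so do not rely on the packet source to identify devices.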