Hello Dear,
Hope you are well,
I want to add all MikroTik router event logs to ELK v7. I have already added some Linux machines, and they are working fine. Please give me some advice on how to add a MikroTik router to ELK v7. If any documents are available, please share them with me. That would be very helpful for me.
The Logstash configuration is below:
vim /etc/logstash/conf.d/01-logstash-simple.conf
# Beats input over TLS
input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/pki/tls/certs/logstash.crt"
    ssl_key => "/etc/pki/tls/private/logstash.key"
  }
}

filter {
  if [type] == "syslog" {
    # Parse classic syslog lines; the literal [ ] around the PID must be escaped
    grok {
      match => {
        "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}"
      }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    syslog_pri { }
    # Use the timestamp from the syslog line as the event time
    date {
      match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}

output {
  elasticsearch {
    hosts => "localhost:9200"
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
  }
}
Note: If I need to change anything in this configuration, please advise me.
Regards,
Lokman Hakim