sajiby3k
(Ashraful Matin)
February 1, 2021, 5:54pm
1
Hi,
I am very new to elk stack.
Trying to use logstash for Cisco routers and Fortigate firewalls.
Both of these device types will use default udp port 514 to logstash to send log files.
Most basic configuration looks like below for input.
input{
udp{
port => 514
type => "log4net"
}
}
But with this setup I cannot differenciate which is a fortigate and which is a cisco log.
I try to avoid configure a unique udp port for each type of device from different vendors.
The goal is not gork data for additional fields according to their log contents.
Any help. Or I am missing something obivios.
Regards.
warkolm
(Mark Walkom)
February 1, 2021, 11:04pm
2
Welcome to our community!
Using different ports is the best option. If not, you might be able to tag them based on specific information each log format contains?
sajiby3k
(Ashraful Matin)
February 2, 2021, 7:32am
3
@warkolm
Can you explain what the host in input udp does?
What is the - Host value - my logstsash IP adress or the device sending the syslog data (Cisco/Fortigate)?
system
(system)
Closed
March 2, 2021, 8:30am
5
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.