Hi,
I am very new to the ELK stack.
Trying to use logstash for Cisco routers and Fortigate firewalls.
Both of these device types will use the default UDP port 514 to send their logs to Logstash.
The most basic input configuration looks like the following:
input {
  udp {
    port => 514
    type => "log4net"
  }
}
But with this setup I cannot differentiate which is a Fortigate and which is a Cisco log.
I am trying to avoid configuring a unique UDP port for each type of device from different vendors.
The goal is not to grok the data for additional fields according to their log contents.
Any help? Or am I missing something obvious?
Regards.
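One way to keep both vendors on the single port 514 is to branch in the filter section on what the message looks like; this is an added example, not the poster's configuration. It assumes Fortigate sends its key=value format (fields such as devname= and logid=) and Cisco IOS sends the %FACILITY-SEVERITY-MNEMONIC: tag; the udp input also records the sender address in [host] (in [host][ip] with ECS field names on Logstash 8), which can be used as an alternative or additional test.

```logstash
input {
  udp {
    port => 514
    type => "syslog"
  }
}

filter {
  # Fortigate: body is key=value pairs, e.g. devname=... devid=... logid=... msg="..."
  if [message] =~ /devname=/ and [message] =~ /logid=/ {
    mutate { replace => { "type" => "fortigate" } }
    # Split the key=value body into fields under [fortigate]; quoted values are kept whole
    kv {
      source => "message"
      target => "fortigate"
    }
  }
  # Cisco IOS: message carries a %FACILITY-SEVERITY-MNEMONIC: tag, e.g. %LINEPROTO-5-UPDOWN:
  else if [message] =~ /%[A-Z0-9_]+-[0-7]-[A-Z0-9_]+:/ {
    mutate { replace => { "type" => "cisco" } }
    grok {
      match => { "message" => "%%{WORD:[cisco][facility]}-%{INT:[cisco][severity]}-%{WORD:[cisco][mnemonic]}: %{GREEDYDATA:[cisco][text]}" }
    }
  }
  else {
    # Neither pattern matched: keep the event, but tag it so unknown senders are visible
    mutate { add_tag => ["unclassified_syslog"] }
  }

  # Alternative or extra check by sender address (placeholder IPs, adjust to your network):
  # if [host] == "192.0.2.10" { mutate { replace => { "type" => "fortigate" } } }
}
```

Events that match neither pattern end up tagged unclassified_syslog, so a new device type shows up in a search instead of silently landing in the wrong index.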
