Hi,
I want to send the Cisco switch logs to ELK stack? Is below procedure correct ?
step-1
Sentd logs from Cisco switch to Rsyslog server
Step-2
Install filebeat on Rsyslog server
Step-3: enable Filbeat Cisco module
Step-4: create Filebeat CIsco piplines
Step-4: send logs from filebeat to Logstash
Please correct me if i am wrong. If is there any another process please let me know.
Hi @PraveenKT,
That approach would work. although you don't really need the Rsyslog server. Filebeat has a syslog input that can receive logs. Just enable the module and configure it's syslog input to listen on 0.0.0.0 (to receive from the network).
Best regards
I’ve found with filebeat you can send output to
With option one you can install the filebeat es pipeline that will parse the syslog properly. If you go with logstash you have to create your own patterns or just have everything in the message field
Please correct me if I’m wrong
You can also not use filebeat at all and use logstash input to ingest logs and output those to es
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.