Syslogs which come from Linux devices (start with time)
Syslogs which come from Cisco devices
Logs which come from a Cisco device start with the hostname, and logs which come from Linux start with the time, so I want to send the logs which come from the Cisco device to a different port. How do I filter it so that if my logs start with the hostname they go to a different port (other than the one configured for the Linux device)?
What about an if/else statement, or any other way which picks up logs that start with the hostname and sends them to port "6514"?
Please advise.
Logstash cannot redirect events until they have been received. You will need to tell your Cisco devices to send to a specific endpoint, and then configure your hosts to send to another.
Yes, we are getting logs at Logstash as per below.
Format 1
Msg: Sep 15 18:14:49 Servername cupsd[1317]: REQUEST localhost - - "POST / HTTP/1.1" 200 184 Renew-Subscription successful-ok\0x0a
Format 2
Msg: 73166:bsy-lup11-4938: Sep 16 17:42:27: %SYS-5-CONFIG_I: Configured from console by cyberark_admin on vty0 (XX.34.XX.240)
Now my requirement is that if a log starts with the hostname it should go to a different port (Format 2), and if a log starts with a timestamp it should go to a different port as output. How do I do that?
We are sending output to one of our servers (McAfee receiver).
Let's say 10.x.x.x etc. We need to forward to it, but type 1 logs should go to port 514 and type 2 logs to 6514 etc. So how do we configure this?
Note: our input is the same (end nodes are forwarding to Logstash).
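One way to do the routing the follow-up asks for, as an added example that is not from this thread: tag each event by the shape of its first characters and pick the output port from the tag. It assumes a single raw-line UDP listener (if the `syslog` input is used instead, it has already parsed the header, so match on the raw line before that parsing), a placeholder receiver address, and the two sample formats quoted above.

```conf
input {
  # Assumption: every end node sends to this one listener; the raw line
  # arrives untouched in [message].
  udp { port => 5514 type => "syslog" }
}

filter {
  # Format 1 (Linux): "Sep 15 18:14:49 Servername cupsd[1317]: ..."
  # -> month, day, HH:MM:SS at the very start of the line.
  if [message] =~ /^[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2} / {
    mutate { add_tag => ["linux_host"] }
  }
  # Format 2 (Cisco): "73166:bsy-lup11-4938: Sep 16 17:42:27: %SYS-5-..."
  # -> sequence number, colon, hostname, colon, space.
  else if [message] =~ /^\d+:[^:\s]+: / {
    mutate { add_tag => ["cisco_device"] }
  }
  # Anything else is kept and visibly tagged so it does not silently
  # disappear into the wrong feed.
  else {
    mutate { add_tag => ["unclassified"] }
  }
}

output {
  if "cisco_device" in [tags] {
    # 6514 is the registered port for syslog over TLS; enable TLS on the
    # output so the receiver actually sees an encrypted stream.
    syslog {
      host       => "RECEIVER_IP_PLACEHOLDER"   # e.g. the McAfee receiver
      port       => 6514
      protocol   => "tcp"
      ssl_enable => true
    }
  } else {
    # Linux hosts (and unclassified lines) go to the plain 514 feed.
    syslog {
      host     => "RECEIVER_IP_PLACEHOLDER"
      port     => 514
      protocol => "udp"
    }
  }
}
```

Test the two regexes first with a small pipeline whose output is `stdout { codec => rubydebug }` and check the `tags` field before pointing the outputs at the real receiver.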