My company has recently switched our logging solution. We used to have multiple inputs from different servers, however now we are getting all logs from a single device. So I have a few questions:
- Has anyone used Tenable LCE boxes as an input?
- Has anyone dealt with the LCE header?
- I'm considering making an input plugin but I'm not a programmer. Anything specific I should know?
My current configuration is taking a udp stream input then filtering everything with grok and adding a sort field which I then run conditional statements on, breaking down each type of log a different way. My output will be Elasticsearch, however I am currently just dumping files in and out of Logstash, creating individual GROK patterns for each separate log type. I am using Logstash 2.0 and accumulating about 1MB of logs per second. I am trying to find the most efficient way to run all of this data through. Any thought, input, or idea will help a lot.
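Since the post sketches a pipeline (udp in, grok, a sort field, per-type conditionals, Elasticsearch out), here is an added Logstash 2.x configuration laying that flow out in one place; it is not the poster's config. The udp port, patterns directory and Elasticsearch host are assumptions, and LCE_HEADER is a placeholder for the LCE header pattern, whose layout this thread does not give.

```logstash
input {
  udp {
    port => 5514                 # assumed port the LCE device sends to
    type => "lce"
  }
}

filter {
  # Stage 1: strip the device header. LCE_HEADER is a placeholder custom
  # pattern to be defined in patterns_dir from a captured sample (its real
  # layout is not in this thread); the ^ anchor avoids a full-line scan on a miss.
  grok {
    patterns_dir => ["/etc/logstash/patterns"]   # assumed location
    match => { "message" => "^%{LCE_HEADER}%{GREEDYDATA:payload}" }
    tag_on_failure => ["_lce_header_unparsed"]
  }
  # Every event gets a sort field; matched types overwrite it below, so
  # unparsed events are still routed to an index instead of vanishing.
  mutate { add_field => { "logtype" => "unparsed" } }

  if !("_lce_header_unparsed" in [tags]) {
    # Stage 2: one grok with several patterns, first match wins. This
    # replaces a separate grok filter per log type.
    grok {
      match => { "payload" => [
        "^%{COMBINEDAPACHELOG}",
        "^%{SYSLOGBASE} %{GREEDYDATA:syslog_message}"
      ] }
      tag_on_failure => ["_payload_unparsed"]
    }
    # Stage 3: derive the type from which capture was filled, then branch
    # per type (the two formats carry different timestamp layouts).
    if [verb] {
      mutate { replace => { "logtype" => "web" } }
      date { match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"] }
    } else if [program] {
      mutate { replace => { "logtype" => "syslog" } }
      date { match => ["timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss"] }
    }
  }
}

output {
  # Unparsed events land in their own index so a parsing gap is visible.
  elasticsearch {
    hosts => ["localhost:9200"]    # assumed
    index => "lce-%{logtype}-%{+YYYY.MM.dd}"
  }
}
```

While still testing against files, swapping the output for `stdout { codec => rubydebug }` shows which tags and `logtype` each event ends up with before anything reaches Elasticsearch.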