Looking to use logstash to host multiple syslog listeners to start to aggregate logs from different vendors and then forward on for now to another syslog server.
The question is whether we can set the syslog output dependent on the source address, for example:
TCP 514 collects all firewalls and routers
As we know the source addresses of these I would like to be able to get logstash to look up the source address and then route them accordingly e.g.
TCP 514 > Logstash > (Firewall) > SYSLOG out to xxxx:5000
TCP 514 > Logstash > (Router) > SYSLOG out to xxxx:5001
I'm not fully aware of the infrastructure you're working on and the requirements you have, thus it's hard to propose a solution that would be useful for your case.
Please don't be afraid to explain the need of each step and the results you want to accomplish with each element.
Ideally we will set the correct destination port at the source however at the moment all these devices are sending to one IP on port 514 - on this IP I want to put logstash and break it out to the device types for sending on if that makes sense?
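One way to do the breakout described in this thread, added here as an illustration rather than taken from the discussion: a single TCP listener, a `cidr` filter that tags events by the sender's address, and conditional `syslog` outputs. The address ranges, the tag names and the destination host `xxxx` are placeholders to replace with the real values.

```conf
input {
  tcp {
    # Binding to 514 needs root or CAP_NET_BIND_SERVICE; Logstash is usually run unprivileged.
    port => 514
    type => "syslog"
    # With ECS compatibility disabled the tcp input stores the sender address in [host].
    ecs_compatibility => "disabled"
  }
}

filter {
  # Example ranges only (placeholders): put the real firewall and router addresses here.
  cidr {
    address => [ "%{host}" ]
    network => [ "192.0.2.0/28" ]
    add_tag => [ "firewall" ]
  }
  cidr {
    address => [ "%{host}" ]
    network => [ "192.0.2.16/28", "198.51.100.7/32" ]
    add_tag => [ "router" ]
  }
  # Anything from an address not in either list is marked so it can be reviewed.
  if "firewall" not in [tags] and "router" not in [tags] {
    mutate { add_tag => [ "unknown_source" ] }
  }
}

output {
  if "firewall" in [tags] {
    syslog { host => "xxxx" port => 5000 protocol => "tcp" }
  } else if "router" in [tags] {
    syslog { host => "xxxx" port => 5001 protocol => "tcp" }
  } else {
    # Keep unrecognised senders on disk rather than silently dropping them.
    file { path => "/var/log/logstash/unknown_source.log" }
  }
}
```

The `syslog` output re-wraps the original `message` field in a new syslog envelope, so check on the receiving server that the facility, severity and timestamp still look the way the downstream tooling expects.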