Looking to use logstash to host multiple syslog listeners to start to aggregate logs from different vendors and then forward on for now to another syslog server.
The question is whether we can set the syslog output dependant on the source address for example:
TCP 514 collects all firewalls and routers
As we know the source addresses of these I would like to be able to get logstash to look up the source address and then route them accordingly e.g.
TCP 514 > Logstash > (Firewall) > SYSLOG out to xxxx:5000
TCP 514 > Logstash > (Router) > SYSLOG out to xxxx:5001