Hey everyone.
I've been trying to send logs from an Untangle firewall device to my ELK SIEM on Kubernetes. To do so, I created a pipeline that I deployed as a ConfigMap, and from here I'm stuck.
Here's a part of the Helm values.yaml file to use when deploying Logstash:

# Allows you to add any config files in /usr/share/logstash/config/
# such as logstash.yml and log4j2.properties
#
# Note that when overriding logstash.yml, `http.host: 0.0.0.0` should always be included
# to make default probes work.
logstashConfig: {}
#  logstash.yml: |
#    key:
#      nestedkey: value
#  log4j2.properties: |
#    key = value

# Allows you to add any pipeline files in /usr/share/logstash/pipeline/
### ***warn*** there is a hardcoded logstash.conf in the image, override it first
logstashPipeline: {}
#  logstash.conf: |
#    input {
#      exec {
#        command => "uptime"
#        interval => 30
#      }
#    }
#    output { stdout { } }

# Custom ports to add to logstash
extraPorts: []
# - name: beats
#   containerPort: 5001

service: {}
#  annotations: {}
#  type: ClusterIP
#  ports:
#    - name: beats
#      port: 5044
#      protocol: TCP
#      targetPort: 5044
#    - name: http
#      port: 8080
#      protocol: TCP
#      targetPort: 8080

What am I supposed to modify here to add my pipeline config file to be integrated into Logstash to start seeing logs from Untangle?
(The name of the config file is untangle-syslog.conf / The name of the ConfigMap is untangle-syslog / The port I'm listening on is 514/UDP from Untangle)
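
One way to fill in the three keys quoted above, as an added example that is not part of the original post or the chart's own documentation. It puts the pipeline inline under `logstashPipeline` (the chart then generates the ConfigMap itself, so a separate `untangle-syslog` ConfigMap is not needed); the container port 5514, the `LoadBalancer` service type, the Elasticsearch host and the index name are assumptions.

```yaml
# Added example: values.yaml overrides for the Logstash Helm chart quoted above.
logstashPipeline:
  # Using the key logstash.conf replaces the pipeline hardcoded in the image
  # (see the chart's own warning), so only the Untangle pipeline runs.
  logstash.conf: |
    input {
      udp {
        # Assumption: an unprivileged port, so the non-root Logstash
        # container needs no extra capability to bind it. The Service
        # below maps the standard syslog port 514 onto it.
        port => 5514
        type => "untangle-syslog"
      }
    }
    output {
      elasticsearch {
        # Assumption: in-cluster Elasticsearch service name and index name.
        hosts => ["http://elasticsearch-master:9200"]
        index => "untangle-%{+YYYY.MM.dd}"
      }
    }

# Expose the UDP listener on the Logstash container.
extraPorts:
  - name: syslog-udp
    containerPort: 5514
    protocol: UDP

service:
  # Assumption: Untangle sits outside the cluster. ClusterIP is reachable only
  # from inside it, and UDP support on LoadBalancer depends on the provider.
  type: LoadBalancer
  ports:
    - name: syslog-udp
      port: 514
      protocol: UDP
      targetPort: 5514
```

Syslog over UDP is unauthenticated and unencrypted, so restrict which sources can reach the exposed port to the firewall's address.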