Normalize the logs with ELK

A_B · May 10, 2019, 2:40pm

Move all files out of /etc/logstash/conf.d/ to a backup location.

Create on new file with the following content in /etc/logstash/conf.d/

input {
  beats {
    port => 5044
  }
  udp {
    port => 1514
  }
}
filter {}
output {
  elasticsearch {
  }
}

That should work with the defaults for the elasticsearch output as long as you have Elasticsearch running on the same machine as Logstash.

Restart Logstash. Check that you can connect to UDP port 1514.

The official Logstash documentation is quite good. There is a lot of it so it takes time to get through it. You don't really need to read everything though as you only use small parts of it.

system · June 7, 2019, 2:55pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Syslog Cisco ASA Elasticsearch	3	3022	March 18, 2017
Centralized Syslog management for Cisco Switches Logstash	6	8270	February 21, 2020
Cisco ASA Logging to Elastic Stack Elasticsearch	4	2906	May 1, 2020
Problem with indexing Cisco Logfiles Elasticsearch	6	653	August 31, 2022
Cisco ASA syslog parsing Elasticsearch	2	3403	April 29, 2019

Normalize the logs with ELK

Related topics