Hi,
I would like to setup an ELK stack for passive log ingestion behind a TAP/SPAN/diode, from an existing log stream. Unfortunately I haven't been able to find any information about passive deployment.
Can Logstash be configured to receive a UDP stream with logs in syslog, GELF or some other protocol with UDP support, on a network interface in promiscuous mode? Which option(s) would you suggest?
Thanks!