You need a .conf similar to this:
input {
  syslog {
    port => 514
  }
}
filter {
  # later will add grok like SYSLOGLINE or similar parser
}
output {
  file { path => "/path/hpsyslog_%{+YYYY-MM-dd}.txt" }
  stdout { codec => rubydebug { } }
}
The message should be like this:
<189>Oct 9 14:59:04 2022 Sysname %%10SHELL/5/SHELL_LOGIN(l): VTY logged in from 192.168.1.1
Check the received messages and the documentation to get the field descriptions. The grok conf should be like this.
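Added example, not part of the original post and not a Logstash config: a Python sketch that splits the sample message above into the pieces a grok pattern would have to capture, and pulls the source address out of a login event. The field names (`version`, `module`, `level`, `mnemonic`, `log_type`) and the helper names are this example's own assumptions; confirm the layout against the device documentation.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample: the message quoted in the post above.
SAMPLE = ("<189>Oct 9 14:59:04 2022 Sysname "
          "%%10SHELL/5/SHELL_LOGIN(l): VTY logged in from 192.168.1.1")

# Unlike a plain RFC 3164 line, the year follows the time and the tag is
# "%%<2 digits><MODULE>/<level>/<MNEMONIC>(<type>):". Labels are assumptions.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"(?P<sysname>\S+) "
    r"%%(?P<version>\d{2})(?P<module>[A-Z0-9_]+)"
    r"/(?P<level>[0-7])/(?P<mnemonic>[A-Z0-9_]+)"
    r"\((?P<log_type>\w)\):\s*(?P<text>.*)$"
)

def parse_line(line):
    """Return a dict of fields, or None if the line is not in this layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    pri = int(ev.pop("pri"))
    if pri > 191:  # highest valid PRI is facility 23, severity 7
        return None
    # PRI = facility * 8 + severity
    ev["facility"], ev["severity"] = divmod(pri, 8)
    ev["level"] = int(ev["level"])
    # The message carries no time zone, so the result is a naive datetime.
    stamp = " ".join(ev["timestamp"].split())
    ev["timestamp"] = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
    return ev

def login_source(ev):
    """Return the source address of a SHELL_LOGIN event, else None."""
    if ev is None or (ev["module"], ev["mnemonic"]) != ("SHELL", "SHELL_LOGIN"):
        return None
    m = re.search(r"logged in from (\S+)$", ev["text"])
    if m is None:
        return None
    try:
        return str(ipaddress.ip_address(m.group(1)))
    except ValueError:  # not an IP literal; do not trust it as one
        return None

if __name__ == "__main__":
    print(parse_line(SAMPLE), login_source(parse_line(SAMPLE)))
```

A line that does not follow this layout, such as a standard syslog line with no year, returns `None`, which is the case a grok pattern should tag rather than silently drop.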