Problem with my logstash file '.conf' for analyse syslog from my switchs

Rios · March 29, 2023, 10:26am

You need .conf similar to this:

input {
 syslog {
  port => 514
 }
}
filter {
# later will add grok like SYSLOGLINE or similar parser 
}
output {

 file { path => "/path/hpsyslog_%{+YYYY-MM-dd}.txt"  }
 stdout { codec => rubydebug{ } }

}

The message should be like this:
<189>Oct 9 14:59:04 2022 Sysname %%10SHELL/5/SHELL_LOGIN(l): VTY logged in from 192.168.1.1
Check the received messages and the documentation to get fields description. The grok conf should be like this.

Topic		Replies	Views
Parsing syslog from linux rsyslog Logstash	25	7934	July 6, 2017
Configuring logstash-input-syslog Logstash	5	9408	June 1, 2018
Centralized Syslog management for Cisco Switches Logstash	6	8231	February 21, 2020
Syslogs sent to wrong index Logstash	6	394	May 5, 2020
Syslogging Struggle - newbie alert Elasticsearch	5	583	December 21, 2021

Problem with my logstash file '.conf' for analyse syslog from my switchs

Related Topics