I am trying to receive data from a remote syslog server using logstash and the syslog input plugin but unsure how it works.
I have a custom domain I want to use for this communication, do I use the custom IP/domain in the input.syslog.host value or do I use 0.0.0.0?
Once the listener is active on logstash, does that mean that the syslog simply needs to push the data and it will get to the pipeline for which the listener was started?
What port should the remote syslog use? Should it be the same as the one that was used to start the listener or another port?
Any pointers will be appreciated.
Thanks.