We have many applications whose log data we would like to ingest into the Elastic Stack; however, their log shipping mechanism is syslog (BSD, CEF, or RFC 5424). Our use case is SIEM & threat hunting.
Here are options I can think of:
- Send the logs to a server running rsyslog or syslog-ng, then consume this data with Filebeat.
- Send the logs to a Logstash server.
Are there other options? Of these options, which is the most recommended?
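Whichever collector sits in front of the Elastic Stack, it will receive the three flavours named above on the same port, and they look quite different on the wire. The following is an added example written for this page (not code from the original post, from Elastic, rsyslog or syslog-ng) that classifies a line as BSD (RFC 3164), RFC 5424 or CEF-inside-syslog, decodes the PRI into facility and severity, and pulls out the header fields a SIEM would index. The sample lines, hostnames and IP addresses are constructed; escape handling follows the CEF spec's backslash convention, and the RFC 5424 parser keeps STRUCTURED-DATA as an opaque string rather than decoding SD-PARAMs.

```python
"""Classify and normalise BSD, RFC 5424 and CEF syslog lines (added example)."""
import json
import re
from typing import Dict, Optional, Tuple

SEVERITY_NAMES = ["emergency", "alert", "critical", "error",
                  "warning", "notice", "informational", "debug"]
FACILITY_NAMES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
                  "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
                  "solaris-cron", "local0", "local1", "local2", "local3", "local4",
                  "local5", "local6", "local7"]

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<timestamp>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:\\.|[^\]\\])*\])+)(?: (?P<msg>.*))?$")
# BSD / RFC 3164: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: MSG
BSD_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$")
BSD_TAG_RE = re.compile(r"^(?P<program>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<rest>.*)$")
# CEF: CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
# Header fields may contain "\|" and "\\" escapes, so a field is "anything but a bare pipe".
_CEF_FIELD = r"((?:\\.|[^|\\])*)"
CEF_RE = re.compile(r"CEF:(\d+)\|" + r"\|".join([_CEF_FIELD] * 6) + r"\|(.*)$")
# Extension is key=value pairs separated by spaces; values may contain spaces and "\=".
CEF_EXT_RE = re.compile(r"(\w+)=((?:\\.|[^\\])*?)(?= \w+=|$)")

# Constructed sample lines, one per format (not taken from any real system).
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 fw01 sshd[1234]: Failed password for root from 203.0.113.7 port 4321 ssh2",
    '<165>1 2023-10-11T22:14:15.003Z app01 myapp 4711 ID47 [exampleSDID@32473 iut="3"] User login failed',
    "<134>Oct 11 22:14:15 proxy01 CEF:0|Vendor|Product|1.0|100|Blocked request|5|"
    "src=203.0.113.7 dst=10.0.0.5 act=block",
]


def _unescape(s: str) -> str:
    """Drop CEF backslash escapes (\\|, \\=, \\\\)."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_pri(pri: int) -> Tuple[int, int]:
    """Split the PRI value into (facility, severity); valid PRI is 0..191."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return pri >> 3, pri & 0x7


def parse_cef(text: str) -> Optional[Dict]:
    """Return the CEF header and extension as a dict, or None if text is not CEF."""
    m = CEF_RE.search(text)
    if not m:
        return None
    ver, vendor, product, devver, sigid, name, sev, ext = m.groups()
    return {"cef_version": int(ver), "vendor": _unescape(vendor),
            "product": _unescape(product), "device_version": _unescape(devver),
            "signature_id": _unescape(sigid), "name": _unescape(name),
            "severity": _unescape(sev),
            "extension": {k: _unescape(v) for k, v in CEF_EXT_RE.findall(ext)}}


def parse_syslog(line: str) -> Dict:
    """Return a normalised event; 'format' is one of bsd, rfc5424, cef, unknown."""
    event: Dict = {"raw": line, "format": "unknown"}
    pri: Optional[int] = None
    m = RFC5424_RE.match(line)
    if m and m["version"] == "1":
        pri = int(m["pri"])
        event.update(format="rfc5424", timestamp=m["timestamp"], host=m["host"],
                     app=m["app"], procid=m["procid"], msgid=m["msgid"],
                     structured_data=m["sd"], message=m["msg"] or "")
    else:
        m = BSD_RE.match(line)
        if m:
            pri = int(m["pri"])
            event.update(format="bsd", timestamp=m["timestamp"], host=m["host"],
                         message=m["msg"])
            tag = BSD_TAG_RE.match(m["msg"])
            if tag:  # split "prog[pid]: text" when the TAG convention is followed
                event.update(program=tag["program"], pid=tag["pid"], message=tag["rest"])
    if pri is not None:
        fac, sev = parse_pri(pri)
        event.update(facility=fac, facility_name=FACILITY_NAMES[fac],
                     severity=sev, severity_name=SEVERITY_NAMES[sev])
    # CEF rides inside the MSG part (or arrives bare); detect it regardless of envelope.
    cef = parse_cef(event.get("message", line))
    if cef:
        event["format"] = "cef"
        event["cef"] = cef
    return event


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(json.dumps(parse_syslog(sample), indent=1))
```

The point for the collector choice in the question: whatever sits in front of Elasticsearch (rsyslog, syslog-ng, Filebeat or Logstash) has to do this same triage, because a BSD line carries no year or timezone, an RFC 5424 line carries a structured header, and a CEF line hides its fields inside the message body; the pipeline should tag each event with the format it was parsed as so that unparsed or unknown lines can be alerted on rather than silently dropped.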