I was hoping for some help setting up syslog collection using the syslog input plugin for Logstash on Ubuntu 14.04 LTS.
We have configured Topbeat, Logstash, Elasticsearch and Kibana and that seems to be working nicely (except for disk and file system metrics, but will start a separate thread regarding that).
I had a look at the Logstash reference and did not find it very intuitive for installation and configuration.
I am hoping that our use case is relatively simple and that many other users will have implemented the syslog input plugin on Ubuntu.
I understand syslog is the most comprehensive of the system logs; we really want to be collecting as much as we sensibly can to monitor the server and security.
I am not sure if we need to be collecting the auth.log separately using Filebeat or Logstash, and would welcome any recommendations there as well.
Hope to hear from you soon.