Hi people, I have several routers, switches and access points in my network and I want to send all their logs to a syslog service implemented in my ELK server.
Is it possible to implement a syslog server listening on port UDP/514 through the Filebeat agent installed on the ELK server itself?
I have to point out:
Routers, Switches, APs ---> UDP/514 Syslog service in Filebeat on the ELK server
Thanks a lot!!!
Yes, but depending on the amount of data you might want to have a server of your own for Filebeat.
Thanks a lot.
But I've read that it's possible to use Logstash to open a UDP/514 port for incoming logs.
Which is better for listening for syslog input, Filebeat or Logstash?
Thanks again!
It basically depends; there is no "better" or "worse".
E.g. Filebeat has support for specific switches such as Cisco IOS, or firewalls such as Cisco ASA and Fortinet: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-modules.html In Logstash you would have to write your own pipeline and do the splitting of the fields and the mapping by yourself.
I would go with Filebeat and send e.g. Cisco IOS switches to a specific port, firewalls to a specific port and so on.
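As an added illustration of the "one port per device class" layout described in the answer above (this is example configuration written for this page, not something posted in the thread or shipped by Elastic as-is): the Cisco and Fortinet modules each get their own UDP listener, and a plain syslog input on UDP/514 catches everything that has no module, such as the access points. The port numbers are the module defaults and are assumed; change them to whatever your devices are configured to send to. The file paths in the comments are the standard Filebeat layout on Linux.

```yaml
# Example configuration added for this page (not from the thread).
# Assumes Filebeat 7.x on the ELK host; ports are the module defaults.

# --- modules.d/cisco.yml  (enable with: filebeat modules enable cisco) ---
- module: cisco
  ios:                          # Cisco IOS routers and switches
    enabled: true
    var.input: syslog
    var.syslog_host: 0.0.0.0
    var.syslog_port: 9002       # assumed: point IOS devices here
  asa:                          # Cisco ASA firewalls
    enabled: true
    var.input: syslog
    var.syslog_host: 0.0.0.0
    var.syslog_port: 9001       # assumed: point ASA devices here

# --- modules.d/fortinet.yml  (enable with: filebeat modules enable fortinet) ---
- module: fortinet
  firewall:                     # FortiGate firewalls
    enabled: true
    var.input: syslog
    var.syslog_host: 0.0.0.0
    var.syslog_port: 9004       # assumed: point FortiGate devices here

# --- filebeat.yml: catch-all listener for devices without a module (the APs) ---
filebeat.inputs:
  - type: syslog
    protocol.udp:
      host: "0.0.0.0:514"       # port < 1024: needs root or CAP_NET_BIND_SERVICE on Linux
    tags: ["generic-syslog"]    # lets you tell these events apart in Kibana

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

output.elasticsearch:
  hosts: ["localhost:9200"]     # assumed: Elasticsearch on the same ELK host
```

Two practical notes. The modules parse with ingest pipelines that live in Elasticsearch, so run `filebeat setup` once after enabling them, otherwise the events arrive unparsed. And syslog over UDP is unauthenticated: anything on the network can send spoofed lines to these ports, so restrict the listeners to the management VLAN with the host firewall and do not expose UDP/514 or the module ports beyond it.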