I installed Logstash and I was able to successfully set up the google_pubsub input plugin to pull the Pub/Sub logs from GCP, and I can see the logs on stdout on the screen. My question is: how does one redirect stdout, or these events, to a remote server? Specifically, another SIEM like QRadar that's listening for syslog connections on TCP/UDP 514.
I will be honest that I am fairly new to Logstash.
There are a number of output plugins that are available to use.
There is a syslog output.
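A pipeline sketch for the setup discussed in this thread, added here as an example and not part of the original posts: it keeps the `google_pubsub` input and adds the `syslog` output pointed at a collector on TCP 514. The project, topic, subscription, key file path, host name and `appname` are placeholders or assumptions.

```conf
# Added example pipeline. Values marked "placeholder" must be replaced.
input {
  google_pubsub {
    project_id    => "my-gcp-project"                 # placeholder
    topic         => "my-log-topic"                   # placeholder
    subscription  => "my-logstash-sub"                # placeholder
    json_key_file => "/path/to/service-account.json"  # placeholder
    # The default codec is plain, so the raw Pub/Sub payload lands in [message].
  }
}

output {
  # Keep stdout while testing; remove it once events arrive at the SIEM.
  stdout { codec => rubydebug }

  syslog {
    host     => "qradar.example.internal"  # placeholder: collector address
    port     => 514
    protocol => "tcp"         # plugin default is "udp"; "ssl-tcp" is also supported
    rfc      => "rfc5424"     # plugin default is "rfc3164"
    appname  => "gcp-pubsub"  # assumed label, identifies the source in the SIEM
    message  => "%{message}"  # forward the original payload unchanged
  }
}
```

If the syslog output is not present in the Logstash install, it can be added with `bin/logstash-plugin install logstash-output-syslog`. Plain TCP or UDP on 514 carries the events unencrypted, so `ssl-tcp` is the option to look at when the path to the collector crosses an untrusted network.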