I have a dev ELK stack up and running, each service on a different server. It currently receives logs from a server that has Filebeat installed on it, and it receives the logs that way.
My question is about sending logs from a device that does not support Filebeat, i.e. a FW.
Can I send them directly over to the Logstash server on port 514?
Do I need a /etc/logstash/conf.d/ *input, *filter, *output file for this new log source?
All the docs just talk about Filebeat.