Sending logs from on-prem logstash to hosted enterprise logstash

Hi guys,

I'm just reaching out for someone to point me in the right direction with a relatively simple query I have.

We have an elastic.co hosted ELK stack and I am in the process of building a logstash instance in our on-prem VM estate to act as a log relay, particularly for syslogs from network devices. The config for the input side of things is clear, but the output and how to secure the connection isn't quite. I am assuming Lumberjack is the way to go for the output side of things? Please correct me if there is a better way.

What I want to do is receive syslogs and output them directly into our hosted ELK stack without storing anything locally. I have tested my input with the following and it is working ok:

#udp syslogs stream via 5514
input {
  udp {
    type => "syslog"
    port => 5514
  }
}

output {
  stdout {}
}

RE the output I plan on generating and self-signing a cert on the on-prem logstash instance, but beyond that, I have the following questions:

  • How do I send the cert up to the cloud ELK stack and where do I select it for use on the cloud end?
  • What host(s) would I specify in the lumberjack output and where could I find this? Is it just the "xxxxxx.gcp.cloud.es.io" hostname assigned to us?
  • What port would I use? Where is this configured on the cloud end?

Sorry if these questions seem a bit basic, but I've done a lot of searching and haven't found the answers out there and it has been a long time since I've done anything with ELK, and that was all on-prem so I didn't have these issues.

Thanks in advance for any help, it is greatly appreciated! 🙂
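As an added example (not code from the original post), here is one way the relay pipeline could look once the output side is filled in. It keeps the UDP input shown above, parses the syslog line into fields, and uses the Logstash `elasticsearch` output to write over HTTPS into the hosted deployment; it assumes the hosted end is Elasticsearch, as in an Elastic Cloud deployment, since that is what the `cloud_id` / `cloud_auth` options target. The `cloud_id` value, the `logstash_writer` user, the `syslog-relay-*` index name and the `LS_WRITER_PASSWORD` variable are placeholders and assumptions, not values from the post.

```logstash
# Added example, not the poster's config. Relay pipeline: UDP syslog in,
# parsed, shipped over TLS to a hosted Elasticsearch deployment.
# Placeholders/assumptions: cloud_id, the logstash_writer user, the index
# name, and LS_WRITER_PASSWORD (supplied via the Logstash keystore or the
# environment so no secret is written into this file).

input {
  udp {
    type => "syslog"
    port => 5514
  }
}

filter {
  if [type] == "syslog" {
    # Raw UDP syslog usually arrives as "<PRI>Mon dd hh:mm:ss host prog[pid]: text".
    # The PRI prefix is optional because some devices omit it; the rest is the
    # stock SYSLOGLINE pattern (timestamp, logsource, program, pid, message).
    grok {
      match     => { "message" => "(?:<%{POSINT:syslog_pri}>)?%{SYSLOGLINE}" }
      overwrite => [ "message" ]
    }

    # Decode <PRI> into syslog_facility / syslog_severity fields when present.
    if [syslog_pri] {
      syslog_pri { }
    }

    # Use the device's own timestamp as @timestamp. remove_field only runs on a
    # successful parse, so an unparsable timestamp is kept for troubleshooting.
    date {
      match        => [ "timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss", "ISO8601" ]
      remove_field => [ "timestamp" ]
    }
  }
}

output {
  elasticsearch {
    # cloud_id is copied from the deployment's page in the Elastic Cloud console
    # (placeholder below). It encodes the HTTPS endpoint, so the connection is TLS
    # and the server certificate is verified against the system CA store.
    cloud_id   => "my-deployment:PLACEHOLDER_BASE64_CLOUD_ID"

    # Least privilege: a dedicated user that can only create/write the syslog
    # indices, rather than the elastic superuser.
    cloud_auth => "logstash_writer:${LS_WRITER_PASSWORD}"

    index      => "syslog-relay-%{+YYYY.MM.dd}"
  }
}
```

Two things worth noting about this layout. First, with the `elasticsearch` output the TLS certificate is the hosted service's, so nothing has to be generated or uploaded on the on-prem side; the self-signed certificate the post mentions only comes into play if the receiving end is a Logstash instance you administer yourself. In that case the pairing is a `lumberjack` output (its `hosts`, `port` and `ssl_certificate` options are all required) talking to a `beats` input with `ssl => true`, and the certificate and private key belong to the receiver; the sender is given only the certificate (or the CA that signed it) so it can verify who it is talking to. Second, UDP syslog carries no authentication and the source address is trivially spoofable, so the relay should only accept port 5514 from the network devices' subnet at the host firewall, and anything written by the relay is only as trustworthy as that network boundary.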
