Sending multiple logs to same ingestion VM with (elastic agent installed in it) and send them to elasticsearch cluster?

Abdarrahmane · August 11, 2024, 10:25pm

hello everyone !

i need guidance please
i want to use an ingestion vm 192.168.1.124 (ubuntu server with elastic agent installed in it and enrolled in fleet) to receive logs from a lot of servers and components in my infra like fortigate, sophos, cyberarc ... using the same port 514 (192.168.1.124:514) and then the elastic agent sends those logs to elasticsearch so I can visualize them in kibana using elastic agent's integrations
is this approach possible ?
if yes how can I achieve it ?
or should I use logstash instead ?
thank you

leandrojmp · August 11, 2024, 11:03pm

Not using the same port, each integration will need a different port.

Abdarrahmane · August 12, 2024, 7:19pm

Hello Leandro

Thank you for taking the time to answer,

so it's only possible if the servers send logs to my ingestion server 192.168.1.124 but using different ports and same thing for elastic agent integrations each one should use different port in their configuration ?

please confirm

thank you !

Topic		Replies	Views
Elastic-Agent enrollment problem Elasticsearch elastic-agent	9	1051	September 28, 2020
Elastic agent with Ingest pipeline Elastic Agent	18	271	September 24, 2024
Integration Issue with Sending Windows Event Logs to Elastic-Agent and Logstash via UDP Elastic Agent	0	19	July 31, 2024
ElasticAgent to multiple locations Elastic Agent filebeat	4	1027	June 29, 2023
Elastic Agent, single custom log to multiple indices via ingest pipeline Elasticsearch ingest-pipeline	7	1048	December 22, 2021

Sending multiple logs to same ingestion VM with (elastic agent installed in it) and send them to elasticsearch cluster?

Related topics