Separate syslog

Frances_Chu · March 19, 2024, 8:13am

I need to receive syslog from different systems.
All syslogs are using UDP 514 port and cannot be changed in the source

Now I need to separate different syslogs in logstash.
logstash system reserved port below 1024.

So now I got two solutions

Solution A

In logstash use port forwarding. To forward the syslog to port 5514 and presrve source IP address
filter the source [host] [ip] and adding tags to the syslog

**Solution B **

In logstash use port forwarding rule. To forward syslogs to different ports. e.g. 5514, 6514
Separate logs by using port number.

Just wonder which solution is better. Any best practice.

system · April 16, 2024, 8:13am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Multiple syslog input from different Device to Logstash Logstash	2	1072	July 31, 2019
How to different syslog in the same port? Logstash	7	1625	February 20, 2022
Logstash - Multiple Log Sources 'Syslog' Logstash	3	1846	July 6, 2017
Gathering logs through Rsyslog/Redis > Logstash Logstash	1	374	July 6, 2017
What is the best way to transfer logs from Syslog server to Logstash? Logstash	1	382	June 10, 2018