Separate syslog

Frances_Chu · March 19, 2024, 8:13am

I need to receive syslog from different systems.
All syslogs are using UDP 514 port and cannot be changed in the source

Now I need to separate different syslogs in logstash.
logstash system reserved port below 1024.

So now I got two solutions

Solution A

In logstash use port forwarding. To forward the syslog to port 5514 and presrve source IP address
filter the source [host] [ip] and adding tags to the syslog

**Solution B **

In logstash use port forwarding rule. To forward syslogs to different ports. e.g. 5514, 6514
Separate logs by using port number.

Just wonder which solution is better. Any best practice.

system · April 16, 2024, 8:13am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to different syslog in the same port? Logstash	7	1614	February 20, 2022
Logstash - Multiple Log Sources 'Syslog' Logstash	3	1841	July 6, 2017
Logstash profile Logstash	2	238	November 30, 2022
Syslog forwarding question -> Logstash (very basic) Logstash	8	15339	May 9, 2018
Rsyslog to logstash help Logstash	4	1365	December 17, 2017