Separate syslog

I need to receive syslog from different systems.
All syslogs use UDP port 514, and this cannot be changed at the source.

Now I need to separate the different syslogs in Logstash.
On the Logstash system, ports below 1024 are reserved.

So now I have two solutions:

**Solution A**

  1. In Logstash, use port forwarding to forward the syslog to port 5514 and preserve the source IP address.
  2. Filter on the source [host][ip] and add tags to the syslog.

**Solution B**

  1. In Logstash, use a port forwarding rule to forward syslogs to different ports, e.g. 5514, 6514.
  2. Separate logs by port number.

Just wondering which solution is better. Any best practice?
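
A sketch of Solution A as a Logstash pipeline, added here as an example and not part of the original post. The networks (RFC 5737 documentation ranges), the tag names and the Linux `iptables` redirect in the comment are assumptions for illustration.

```logstash
# Added example; addresses and tag names are constructed placeholders.
# Assumes the OS redirects UDP 514 to 5514 before Logstash reads it, e.g. on Linux:
#   iptables -t nat -A PREROUTING -p udp --dport 514 -j REDIRECT --to-ports 5514
# REDIRECT rewrites only the destination port, so the sender's address is kept.

input {
  udp {
    port => 5514
    # Store the sender address in the field the filters below test.
    source_ip_fieldname => "[host][ip]"
  }
}

filter {
  # 192.0.2.0/24 stands in for one group of senders (assumed: firewalls).
  cidr {
    address => [ "%{[host][ip]}" ]
    network => [ "192.0.2.0/24" ]
    add_tag => [ "firewall" ]
  }
  # 198.51.100.0/24 stands in for a second group (assumed: switches).
  cidr {
    address => [ "%{[host][ip]}" ]
    network => [ "198.51.100.0/24" ]
    add_tag => [ "switch" ]
  }
  # Senders outside the listed networks get their own tag so they can be
  # reviewed separately instead of being mixed into a known stream.
  if "firewall" not in [tags] and "switch" not in [tags] {
    mutate { add_tag => [ "unknown_syslog_source" ] }
  }
}

output {
  # Print events with their tags; replace with the real outputs per tag.
  stdout { codec => rubydebug }
}
```

UDP source addresses are not authenticated, so a tag assigned this way records where a datagram claims to come from rather than proving its origin.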
