We have an application for which installing a local agent is not possible and there is no specific Agent Integration so we are looking to collect the syslog over TCP or UDP.
I assumed within the System integration there would be an option to specify an input over one of these protocols, but the options are unfortunately only local collection. There is a CEF Integration I have seen which pretty much seems to be what I'm after, but I'm not sure currently if this is the format this particular syslog is in, or if that even matters. Am I missing a way to achieve this?
Hey @Josh_G. Can your application output log data via syslog? If so, you could install Elastic Agent on a remote host and send the syslog from your application to that agent. The Custom TCP or UDP integrations are likely going to be the best fit for your use case. You can apply one of those integrations to the host running the agent and receiving syslog from your application.
Worth noting, these custom integrations will not map your events to the Elastic Common Schema. You will need to build an ingest pipeline if you wish to map to ECS.
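To make the ECS caveat above concrete, here is an added example (not Elastic's code and not part of the original thread) of the mapping an ingest pipeline would have to perform once the Custom TCP or UDP integration hands you each line as a raw `message`: parse the RFC 3164 header, split PRI into facility and severity, fill the ECS `log.syslog.*`, `host.hostname`, `process.*` and `@timestamp` fields, keep `event.original`, and tag a line rather than drop it when it does not parse. It also flags payloads that carry a CEF header, which is the quick check for whether the CEF integration would be the better fit. The sample lines, the assumed year (RFC 3164 timestamps carry none) and the UTC assumption are all constructed for illustration.

```python
"""Emulation of an ECS-mapping ingest pipeline for raw syslog over TCP/UDP.

Added example, not Elastic's code. Field names follow ECS; the sample
lines below are constructed. Dotted keys stand in for the nested JSON an
ingest pipeline would produce.
"""
import json
import re
from datetime import datetime, timezone

# RFC 3164 header: <PRI>Mon dd hh:mm:ss hostname <rest of line>
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<rest>.*)$"
)
# Conventional tag[pid]: message prefix of the payload.
TAG = re.compile(r"^(?P<tag>[^\[: ]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$")
# CEF payload carried inside syslog: CEF:Version|Vendor|Product|...
CEF_HEADER = re.compile(r"^CEF:\d+\|")

SEVERITY_NAMES = ["Emergency", "Alert", "Critical", "Error",
                  "Warning", "Notice", "Informational", "Debug"]


def syslog_to_ecs(line: str, year: int = 2024) -> dict:
    """Map one raw syslog line to an ECS-shaped document.

    Unparseable lines keep event.original, message and a failure tag so
    nothing is silently dropped (the equivalent of an on_failure handler).
    `year` is an assumption: RFC 3164 timestamps have no year or zone.
    """
    doc = {"event.original": line}
    m = HEADER.match(line)
    if not m or int(m["pri"]) > 191:  # PRI max is 23*8 + 7
        doc["message"] = line
        doc["tags"] = ["syslog_parse_failure"]
        return doc

    pri = int(m["pri"])
    facility, severity = divmod(pri, 8)  # PRI = facility*8 + severity
    doc["log.syslog.priority"] = pri
    doc["log.syslog.facility.code"] = facility
    doc["log.syslog.severity.code"] = severity
    doc["log.syslog.severity.name"] = SEVERITY_NAMES[severity]

    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    doc["@timestamp"] = ts.replace(tzinfo=timezone.utc).isoformat()
    doc["host.hostname"] = m["host"]

    rest = m["rest"]
    if CEF_HEADER.match(rest):
        # Leave CEF untouched: a CEF-aware parser/integration should take it.
        doc["message"] = rest
        doc["tags"] = ["cef"]
        return doc

    t = TAG.match(rest)
    if t:
        doc["process.name"] = t["tag"]
        if t["pid"]:
            doc["process.pid"] = int(t["pid"])
        doc["message"] = t["msg"]
    else:
        doc["message"] = rest
    return doc


# Constructed sample input, not captured from any real system.
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 mymachine su[4711]: 'su root' failed for lonvick on /dev/pts/8",
    "<134>Mar  5 09:03:07 fw01 CEF:0|Vendor|Product|1.0|100|Blocked connection|5|src=10.0.0.5 dst=10.0.0.9",
    "not syslog at all",
]

if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        print(json.dumps(syslog_to_ecs(raw), indent=2))
```

The same steps translate one-for-one into ingest pipeline processors (grok for the header and tag, a script or arithmetic processor for the PRI split, date for `@timestamp`, and `on_failure` to tag instead of drop), which is the pipeline the reply above says you would have to build yourself.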