Syslog data from external device into ELK Stack

I have ELK collecting logs from all of my pods within my Kubernetes cluster. I would also like to collect logs from an external PA firewall (syslog) and have them processed into Elasticsearch. I am a bit confused on how to proceed.

  1. Do I expose Filebeat to the external world using an ingress?
  2. Can I even ship syslog data using HTTP?
  3. Am I going about this all wrong?

Much thanks for your input.

  1. If you want to send to it as a syslog listening endpoint, it needs to be suitably exposed
  2. rsyslog would speak http directly to Elasticsearch with its integration
  3. Nope!

Thank you for your input Mark!

Hmmm I tried to create a service and an ingress for Filebeat to intake syslog data but it seems like this is not yet supported.

# Service in front of the Filebeat pods (selected by the release=filebeat label).
# Port names inside one Service must be unique, so the two "http" entries
# have been renamed; TCP and UDP on a single LoadBalancer also require the
# MixedProtocolLBService feature (GA in Kubernetes 1.26) on older clusters.
apiVersion: v1
kind: Service
metadata:
  name: panos-beat-svc
spec:
  selector:
    release: filebeat
  type: LoadBalancer
  ports:
  - name: syslog-udp
    protocol: UDP
    port: 80
    targetPort: 9001
  - name: syslog-tcp
    protocol: TCP
    port: 80
    targetPort: 9001
---
# An Ingress only routes HTTP(S) requests to a Service port; it does not carry
# raw syslog over TCP/UDP, which is why this path does not work for the firewall.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: beats-ingress
  namespace: elk
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/whitelist-source-range: x.x.x.x/28
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/http2-push-preload: 'true'
    nginx.ingress.kubernetes.io/proxy-ssl-verify: 'on'
spec:
  rules:
  - host: beats.dev.internal.blah.com
    http:
      paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: panos-beat-svc
              port:
                # must reference the Service's "port" (80), not the pod targetPort (9001)
                number: 80
  tls:
  - hosts:
    - beats.dev.internal.blah.com
    secretName: beats-tls

Sorry, I'm not much use on kubernetes!
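Added example (not from the thread or from Elastic): one way to expose a syslog listener "suitably", as Mark puts it, is to skip the HTTP Ingress and publish Filebeat's syslog input through a plain Layer 4 LoadBalancer Service limited to the firewall's source range. It assumes Filebeat runs in namespace elk under the release=filebeat label as in the thread, and the CIDR, Elasticsearch host and port 514 are placeholders.

```yaml
# --- filebeat.yml (mounted into the Filebeat pods) ---
# Filebeat's syslog input listens for raw syslog on TCP and UDP 9001 and
# parses the RFC 3164/5424 framing; no HTTP is involved on the ingest side.
filebeat.inputs:
- type: syslog
  protocol.tcp:
    host: "0.0.0.0:9001"
- type: syslog
  protocol.udp:
    host: "0.0.0.0:9001"
output.elasticsearch:
  hosts: ["https://elasticsearch-master.elk.svc:9200"]   # assumed service name
---
# --- Kubernetes Service: Layer 4 exposure instead of an HTTP Ingress ---
apiVersion: v1
kind: Service
metadata:
  name: panos-syslog
  namespace: elk
spec:
  type: LoadBalancer
  selector:
    release: filebeat
  # Only the firewall's egress range may reach the listener (placeholder CIDR).
  # This replaces the Ingress whitelist-source-range annotation, which only
  # applies to HTTP traffic passing through the nginx controller.
  loadBalancerSourceRanges:
  - 203.0.113.0/28
  ports:
  # Standard syslog port on the outside, Filebeat's 9001 on the inside.
  - name: syslog-tcp
    protocol: TCP
    port: 514
    targetPort: 9001
  - name: syslog-udp
    protocol: UDP
    port: 514
    targetPort: 9001
```

Point the firewall's syslog server profile at the LoadBalancer's external IP on 514; prefer TCP where the firewall offers it, since UDP syslog is silently lost when the pod restarts and cannot be protected with TLS.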
