Syslog enquiry

peterch · November 9, 2017, 8:14am

Dear all,

I have a network device and would like to send syslog to logstash. My current logstash.json as below. May i know how to amended. I tried on. Please correct me if I wrong. Thanks

logstash.json (before)

input {
beats {
port => 5044
type => "log"
}
}

output {
elasticsearch {
hosts => "localhost:9200"
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}

logstash.json (after)

input {
beats {
port => 5044
type => "log"
}
syslog{
port => 514
type => "syslog"
}
}

output {
elasticsearch {
hosts => "localhost:9200"
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}

warkolm · November 9, 2017, 8:18am

What exactly are you asking here, as it's not clear.

peterch · November 9, 2017, 8:23am

I want to know if i want to receive syslog from network device. What should I need to do in logstash.json

warkolm · November 9, 2017, 8:26am

Check out https://www.elastic.co/guide/en/logstash/current/plugins-inputs-syslog.html

system · December 7, 2017, 8:26am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Looking for best practice recommendations for SysLog data retrieval? Logstash	1	317	February 4, 2020
Having problem getting syslog to show on Elasticsearch Logstash	5	794	June 15, 2021
What is the log ship agent for network device Beats	5	377	July 17, 2020
Syslog input to elastic using logstah Logstash	3	337	March 23, 2020
Sending logs from logstash to syslog-ng Logstash	5	1790	November 30, 2017

Syslog enquiry

logstash.json (before)

logstash.json (after)

Related topics