Hi Forum
I've build my first ELK server - and have some incomming data - But I cannot make my Aruba 2530 Switches send the logfiles to elastic - and missing something somewhere.
On My Aruba switches - I set the following settings:
logging 10.102.62.3
logging facility syslog
logging severity info
On My Elasticsearch I have created the following file: /etc/logstash/conf.d/01.syslog.conf
input {
udp {
host => "127.0.0.1"
port => 514
codec => "json"
type => "syslog"
}
}
# The Filter pipeline stays empty here, no formatting is done.
filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss.SSS", "MMM dd HH:mm:ss.SSS" ]
timezone => "UTC"
}
}
}
# Every single log will be forwarded to ElasticSearch. If you are using another port, you should specify it here.
output {
if [type] == "syslog" {
elasticsearch {
hosts => [ "127.0.0.1:9200" ]
}
}
}
But I do not get any data from any switche - so somewhere I'm missing something here.
Somehow I have an though that I'm missing creating the index ( But are able to see it in kibana . without any data inside. Can anyone see why and where my problem is here ???
Thanks in advance