Hi,
I want to crate a centralized logsys for networking.
Will includ syslogs from Cisco, Juniper, Fortigate, F5, SmartEdge, Check-Point from a lot of machines.
My problem is how to config the logstash.conf that will be able to get and grok the syslogs (thay are not the same pattern)
Thanks
Talia
Thanks,
But how do I combine all the grok?
Maybe there is example for conf file for networking syslog files with different pattern?
Thanks,
Talia
The grok filter documentation shows an example of how you specify multiple grok expressions in a single grok filter.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.