Syslog - logstash

talial · December 28, 2017, 3:34pm

Hi,
I want to crate a centralized logsys for networking.
Will includ syslogs from Cisco, Juniper, Fortigate, F5, SmartEdge, Check-Point from a lot of machines.
My problem is how to config the logstash.conf that will be able to get and grok the syslogs (thay are not the same pattern)

Thanks
Talia

tatdat · December 29, 2017, 4:21am

you can use grok debug for parse syslog

talial · December 31, 2017, 10:02am

Thanks,
But how do I combine all the grok?

Maybe there is example for conf file for networking syslog files with different pattern?

Thanks,
Talia

magnusbaeck · December 31, 2017, 1:12pm

The grok filter documentation shows an example of how you specify multiple grok expressions in a single grok filter.

system · January 28, 2018, 1:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash - Syslog Help - I am a total pleb Logstash	6	1334	January 2, 2018
Parsing syslog from linux rsyslog Logstash	25	7986	July 6, 2017
Cisco Meraki Syslog - Using Two Grok Patterns in the same filter Logstash	2	1173	November 9, 2018
Parsing syslogs from different Cisco devices to Logstash Logstash	3	2346	March 13, 2017
How to use custom grok pattern for syslog input Logstash	1	318	June 4, 2020

Syslog - logstash

Related topics