Hi,
I have set up an ELK and run Winlogbeat and Filebeat. Winlogbeat logs are displayed in the Kibana interface, but the syslog from the devices is not showing up. When I do a tcpdump port 5544 (the port I have set up to listen for syslog messages), it shows the FQDN of the device which sends the syslogs.
My file in /etc/logstash/conf.d/01-beats-input.conf:
input {
  syslog {
    port => 5544
    type => 'syslog'
  }
}
But when I do as follows, it gives an error message but shows the logs in Kibana:
input {
  syslog {
    port => 5544
    type => 'syslog'
    codec => json
  }
}
Please let me know what I am doing wrong here. Did I miss anything? Hope to hear from you ASAP.