TCP/UDP VS syslog

What are the differences between the below?

input {
  tcp {
    port => 514
    type => syslog
  }
  udp {
    port => 514
    type => syslog
  }
}

VS

input {
  syslog {
    port => 514
  }
}

I need to receive syslog messages and use "TLS" encryption. The syslog input plugin doesn't support it so far, so I am trying to find an alternative solution. If there is one, please help me, and thank you.

The syslog input expects messages to follow the syslog format defined in RFC3164 and will automatically parse the message if the format is correct.

The tcp or udp input will receive any kind of message, but you will need to build your own parser for it.

Since you need to use TLS, you can do that using the tcp input.

Please explain more on this line.
What do you mean?

I think you mean to use the grok message to handle the syslog message.

I'm not sure there is anything else to explain. The tcp and udp inputs will receive any message you send; they do not expect the message to follow any format. The syslog input expects the message to follow a specific format.

You can use grok, dissect, kv, json; it depends on the format of your message, but you need to use one of the parsing filters that Logstash has to parse the message.
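The approach suggested in this thread, a TLS-enabled tcp input followed by a grok filter for RFC3164-style lines, written out as an added example that is not part of the original posts. The port (6514, the conventional syslog-over-TLS port), the file paths, and the captured field names are assumptions; the TLS option names are those of recent tcp input plugin releases, with the older names noted in comments.

```logstash
input {
  tcp {
    port => 6514                  # assumed port; 514 also works but needs privileges to bind
    type => "syslog"
    ssl_enabled => true           # older plugin releases: ssl_enable
    # Placeholder paths. The key must be PEM-encoded PKCS#8.
    ssl_certificate => "/etc/logstash/tls/server.crt"   # older: ssl_cert
    ssl_key => "/etc/logstash/tls/server.key"
    # Mutual TLS: only senders holding a certificate signed by this CA may connect.
    ssl_client_authentication => "required"             # older: ssl_verify => true
    ssl_certificate_authorities => ["/etc/logstash/tls/ca.crt"]
    # The default "line" codec assumes one newline-terminated message per event.
  }
}

filter {
  if [type] == "syslog" {
    # The tcp input does no parsing, so split the RFC3164 line here.
    grok {
      match => {
        "message" => "(?:<%{NONNEGINT:syslog_pri}>)?%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}"
      }
      # Lines that do not match keep their raw message and get the
      # _grokparsefailure tag, which is worth monitoring.
    }
    # Use the timestamp from the message as the event time.
    date {
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}
```

Senders that use octet-counted framing instead of newline-terminated messages will not split correctly with the default codec, so check the framing setting on the sending side.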
