Dear Experts,
I can't understand where I can install filebeat if I want to Cisco ASA log or Cisco router log.
Please need help filebeat experts.
Regards
Lokman Hakim
Here, Cisco logs are sent from the appliances using syslog protocol. In the routers of my somewhat dated experience, you can't install anything on them directly.
Their syslog is directed to some "listener", filebeat doc says it can do it, but we use logstash.
Our design is basically: syslog emitters --> load balancer --> logstash -> elasticsearch
There is little HA in syslog, if you want more reliable logs, you need to make the syslog listener more reliable somehow. We use multiple logstash listeners behind a network loadbalancer and logstash persistant queues.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.