I want to send additional parameters, like a message, from syslog in omfwd format, and I also need to know what filter I can set on Logstash to read this additional parameter.
Syslog configuration:
.....
action(type="omfwd" Target="1.1.1.1" Port="1234" Protocol="tcp" newMessage = "abc")
1 Answers
0
You'd want to configure your Logstash input filter to listen on UDP 514 for Syslog traffic:
    input {
      syslog {
        port => 514
        type => "syslog"
      }
    }
Then take a look at how to process Syslog messages: https://www.elastic.co/guide/en/logstash/current/config-examples.html#_processing_syslog_messages

Ryan Sayer
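An added example, not part of the original answer or of Logstash: a Python sketch of the parsing the receiving side has to do, assuming the sender appends the extra parameter to each forwarded line as a trailing key="value" pair (for instance through an rsyslog template). The RFC 3164-style line layout, the function name `parse_forwarded_line` and the sample lines are assumptions constructed for illustration.

```python
import re

# RFC 3164-style line: <PRI>Mmm dd hh:mm:ss host program[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<program>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<message>.*)$"
)
# One key="value" pair at the very end of the message text.
TAIL_PAIR_RE = re.compile(r'\s(\w+)="([^"]*)"$')


def parse_forwarded_line(line, appended_keys=("newMessage",)):
    """Split a forwarded line into syslog fields plus sender-appended pairs.

    Only pairs at the very end of the line are accepted, each key once, so a
    key="value" string inside the application's own message text is left in
    'message' and cannot override what the forwarder appended.
    """
    m = SYSLOG_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None  # not in the assumed format; caller should tag, not drop
    event = m.groupdict()
    event["facility"], event["severity"] = divmod(int(event.pop("pri")), 8)
    extra, message = {}, event["message"]
    while True:
        tail = TAIL_PAIR_RE.search(message)
        if tail is None or tail.group(1) not in appended_keys or tail.group(1) in extra:
            break
        extra[tail.group(1)] = tail.group(2)
        message = message[: tail.start()]
    event["message"], event["extra"] = message, extra
    return event


# Constructed sample lines (not taken from the page).
SAMPLES = [
    '<134>Oct 11 22:14:15 web01 app[4242]: user login ok newMessage="abc"',
    '<134>Oct 11 22:14:15 web01 app[4242]: note newMessage="spoofed" newMessage="abc"',
    "free text that is not syslog",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_forwarded_line(sample))
```

The second sample shows why the pair is read only from the end of the line: the application-supplied `newMessage="spoofed"` stays in the message text, and the forwarder's value is the one indexed.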