Split logwatch outpup for Graylog

Arethusa · May 22, 2019, 7:34am

Hello,

That works:

For the Linux logs:

input {
  tcp {
    port => 1514
    type => syslog
 tags => ["linux"] # <--------tag

  }

  udp {
    port => 1514
    type => syslog
    tags => ["linux"] # <--------tag
  }

}

 output {
   if "linux" in [tags] { # <--------tag
  gelf {
  host => "192.168.1.206"
  port => 10000
  }
 }
}

And for windows:

input {
  beats {
    port => 5000
    tags => ["windows"]  # <--------tag

  }
 }

output {
  if "windows" in [tags] {  # <--------tag
  gelf {
  host => "192.168.1.206"
  port => 12201
  }
 }
}

Thank you.

Topic		Replies	Views
Filebeat configuration Graylog Central (peer support) sidecar , filebeat-linux	46	50617	July 2, 2018
Send different input to the graylog using filebeats Graylog Central (peer support)	4	734	August 24, 2023
How to configure graylogs from logstash output Graylog Central (peer support)	3	9254	March 12, 2019
Send logs from Windows (Filebeat) to Graylog Graylog Central (peer support) sidecar , filebeat-linux , filebeat-windows , winlogbeat , nosendlogfblx	4	5520	June 28, 2019
Can someone tell me if I got this right? Graylog Central (peer support) sidecar , filebeat-linux , filebeat-windows , winlogbeat , nosendlogfblx	7	2427	April 21, 2020

Split logwatch outpup for Graylog

Related topics