PREVIOUS
Read data from Kafka
NEXT
Sending logs using OPSEC LEA

System configuration / Sending the data / Sending the data using Logstash / Sending from an In-house Relay

Download as PDF

Sending from an In-house Relay

This is the preferred sending option since it doesn't require the specification of authentication certificates in the Logstash configuration file. 

When sending data through a relay, Logstash must be installed in the same machine as the relay.

The example below highlights the output section of the configuration file and shows that the events are sent to port 13000 on localhost. Port 13000 is used since we specify the tag in the appname variable. 

input {...}
output {

	syslog {
        facility => "local7"
        severity => "informational"
    	host => "localhost"						
    	port => 13000 						### send to port 13000 so the relay resend it to Devo
        sourcehost => "syslogHostname" 		### syslog message hostname
    	appname => "av.mcafee.epo.events"   ### syslog message tag
        protocol => "tcp"
	}
}
Download as PDF

Did you find what you were looking for?

If not, please let us know what you need. Your feedback will help us to improve.

PREVIOUS
Read data from Kafka
NEXT
Sending logs using OPSEC LEA