Sending from an In-house Relay

This is the preferred sending option since it doesn't require the specification of authentication certificates in the Logstash configuration file. 

When sending data through a relay, Logstash must be installed on the same machine as the relay.

The example below highlights the output section of the configuration file and shows that the events are sent to port 13000 on localhost. Port 13000 is used since we specify the tag in the appname variable. 

input {...}
output {
    syslog {
        facility => "local7"
        severity => "informational"
        host => "localhost"
        port => 13000                       # send to port 13000 so the relay forwards it to Devo
        sourcehost => "syslogHostname"      # syslog message hostname
        appname => "av.mcafee.epo.events"   # syslog message tag
        protocol => "tcp"
    }
}
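
Before pointing this output at the relay, it helps to confirm that each line leaving Logstash carries the facility, severity, hostname and tag configured above. The checker below is an added example, not part of the original documentation or of any Devo or Logstash tooling; it assumes the output uses BSD syslog (RFC 3164) framing, and the sample lines are constructed.

```python
import re

SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]

# Assumed wire format (RFC 3164): <PRI>Mmm dd hh:mm:ss host tag[pid]: message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>[^\]]*)\])?: ?"
    r"(?P<msg>.*)$"
)

def parse_line(line):
    """Split one syslog line into its header fields; None if malformed."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m or int(m["pri"]) > 191:      # 23 * 8 + 7 is the highest valid PRI
        return None
    facility, severity = divmod(int(m["pri"]), 8)   # PRI = facility * 8 + severity
    return {
        "facility": f"local{facility - 16}" if facility >= 16 else str(facility),
        "severity": SEVERITIES[severity],
        "host": m["host"], "tag": m["tag"], "msg": m["msg"],
    }

def check_line(line, expected):
    """Return a list of mismatches; an empty list means the line is as configured."""
    rec = parse_line(line)
    if rec is None:
        return ["not a valid RFC 3164 line"]
    return [f"{k}: got {rec[k]!r}, expected {v!r}"
            for k, v in expected.items() if rec[k] != v]

# Values taken from the output section shown above.
EXPECTED = {"facility": "local7", "severity": "informational",
            "host": "syslogHostname", "tag": "av.mcafee.epo.events"}

# Constructed sample lines, e.g. as captured from a local test listener.
SAMPLES = [
    "<190>Mar  4 10:15:02 syslogHostname av.mcafee.epo.events[-]: sample event",
    "<190>Mar  4 10:15:03 syslogHostname av.mcafee.epo.event[-]: sample event",
    "<14>Mar  4 10:15:04 syslogHostname av.mcafee.epo.events[-]: sample event",
    "sample event without header",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check_line(s, EXPECTED) or "ok", "|", s)
```

A line with the wrong tag or a missing header is reported here rather than being forwarded with a tag the relay was not meant to receive on port 13000.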
