Add syslog to logstash

I would like to be able to send Syslog to Rock as well as other beats apps that I have installed already for the SIEM part of Elastic. do I just edit the conf files like normal and add those inputs? or is there something special I need to edit

Dave P

You could add a config file to /etc/logstash/conf.d/ directory like the one below.

yeah. maybe i need to setcap the java so it can open 514 low port? hope that doesnt mess with Rock too much

Setcap broke the jli libraries so I have to add the current java lib dir to the and regen

trying to add the conf file now for syslog on 514