Hello!
I found the article about forwarding all logs to another destination via outputs and the following:
    udp {
      host => '192.168.1.190'
      port => '514'
    }
My question is, instead of forwarding everything, how can I forward specific logs? For example, I have 10 log sources that I would like to specifically forward instead of everything. Can I do it by IP? Would I have to filter instead? I would prefer to do it by source IP in the output config. HELP!
Forward Specific logs to another log destination
Re: Forward Specific logs to another log destination
You can do it based on the value of one of the fields:
    # Route by the event's type field
    if [type] == 'palo_alto' {
      udp {
        host => 'X.X.X.X'
        port => '44444'
      }
    }
    if [type] == 'cisco' {
      udp {
        host => 'Y.Y.Y.Y'
        port => '44445'
      }
    }
OR even by IP:
    # Route by the sending host's address
    if [host] in ['A.A.A.A', 'B.B.B.B'] {
      udp {
        host => 'X.X.X.X'
        port => '44444'
      }
    }
    if [host] in ['C.C.C.C', 'D.D.D.D'] {
      udp {
        host => 'Y.Y.Y.Y'
        port => '44445'
      }
    }
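An added example, not part of the original reply: for a longer list of sources (the question mentions 10), the allow-list can live in one place in a filter and the output can test a single tag. It assumes the standard Logstash cidr filter plugin is installed and that [host] carries the sender's IP address; the source addresses and the tag name forward_copy are constructed placeholders, and the destination is the one from the question.

```logstash
filter {
  # Tag events whose sender is on the forwarding list.
  # Assumption: [host] holds the sender's IP address (not a hostname,
  # and not the address of an intermediate relay).
  # The addresses below are constructed placeholders: two single hosts
  # and one small subnet.
  cidr {
    address => [ "%{host}" ]
    network => [
      "192.0.2.10/32",
      "192.0.2.11/32",
      "198.51.100.0/28"
    ]
    add_tag => [ "forward_copy" ]
  }
}

output {
  # Only tagged events are copied to the second destination.
  # Untagged events are not sent here and still reach the other outputs.
  if "forward_copy" in [tags] {
    udp {
      host => "192.168.1.190"
      port => 514
    }
  }
}
```

Events relayed through another syslog collector will show the relay's address in [host], so the list has to match whatever address actually appears in that field.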
Re: Forward Specific logs to another log destination
I will try these out! Thank you!
Re: Forward Specific logs to another log destination
No problem, glad to help! Let us know if you have any related questions or when we're okay to lock this up and mark it as resolved.
Thank you!
Thank you!