securityonion/salt/elasticfleet/files/integrations/grid-nodes_general/syslog-tcp-514.json

{
  "package": {
    "name": "tcp",
    "version": ""
  },
  "name": "syslog-tcp-514",
  "namespace": "so",
  "description": "Syslog Over TCP Port 514",
  "policy_id": "so-grid-nodes_general",
  "inputs": {
    "tcp-tcp": {
      "enabled": true,
      "streams": {
        "tcp.generic": {
          "enabled": true,
          "vars": {
            "listen_address": "0.0.0.0",
            "listen_port": "514",
            "data_stream.dataset": "syslog",
            "pipeline": "syslog",
            "processors": "- add_fields:\n    target: event\n    fields:\n      module: syslog",
            "tags": [
              "syslog"
            ],
            "syslog_options": "field: message\n#format: auto\n#timezone: Local",
            "ssl": ""
          }
        }
      }
    }
  },
  "force": true
}