Custom TCP Logs
Collect raw TCP data from listening TCP port with Elastic Agent.
What is an Elastic integration?
This integration is powered by Elastic Agent. Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to a host. It can also protect hosts from security threats, query data from operating systems, forward data from remote services or hardware, and more. Refer to our documentation for a detailed comparison between Beats and Elastic Agent.
Prefer to use Beats for this use case? See Filebeat modules for logs or Metricbeat modules for metrics.
See the integrations quick start guides to get started:
The custom TCP Log package intializes a listening TCP socket that collects any TCP traffic received and sends each line as a document to Elasticsearch. Custom ingest pipelines may be added by adding the name to the pipeline configuration option, creating custom ingest pipelines can be done either through the API or the Ingest Node Pipeline UI.
Changelog
| Version | Details |
|---|---|
1.16.0 | Enhancement View pull request Update ES permissions to support reroute processors |
1.15.0 | Enhancement View pull request ECS version updated to 8.10.0. |
1.14.0 | Enhancement View pull request The format_version in the package manifest changed from 2.11.0 to 3.0.0. Removed dotted YAML keys from package manifest. Added 'owner.type: elastic' to package manifest. |
1.13.0 | Enhancement View pull request Add tags.yml file so that integration's dashboards and saved searches are tagged with "Security Solution" and displayed in the Security Solution UI. |
1.12.0 | Enhancement View pull request Update package to ECS 8.9.0. |
1.11.0 | Enhancement View pull request Document duration units. |
1.10.0 | Enhancement View pull request Update package to ECS 8.8.0. |
1.9.0 | Enhancement View pull request Update package-spec version to 2.7.0. |
1.8.0 | Enhancement View pull request Update package to ECS 8.7.0. |
1.7.1 | Enhancement View pull request Added categories and/or subcategories. |
1.7.0 | Enhancement View pull request Allow YAML custom configuration. |
1.6.0 | Enhancement View pull request Update package to ECS 8.6.0. |
1.5.0 | Enhancement View pull request Update package to ECS 8.5.0. |
1.4.1 | Bug fix View pull request Fix indentation of syslog processor in agent handlebars file. |
1.4.0 | Enhancement View pull request Update package to ECS 8.4.0 |
1.3.1 | Enhancement View pull request Improve syslog parsing description |
1.3.0 | Enhancement View pull request Add syslog parsing option |
1.2.0 | Enhancement View pull request Update package to ECS 8.3.0. |
1.1.0 | Enhancement View pull request Update to ECS 8.2 |
1.0.0 | Enhancement View pull request Initial Release |